Hi Oliver,

Good news, setting
            _map_notify_to: "[% context.cert_subject_parts.SAN_EMAIL.0 %]"
worked! I am now able to get the e-mail notification, but from cert request and
cert approval/signing.

Thank you very much!

Lixin.

On 2023-09-19, 11:49 PM, "Oliver Welter" <[email protected]> wrote:


Hi Lixin,


the metadata is not used for the notification (at least not the way you 
expect this here) - the metadata node in the profile definition just 
defines key/value pairs that will be added to the certificate database.


The existing setup for the recipients in the notification actions comes 
from an old use case where those parameters were passed along with the 
request as parameters, this is still working to not break legacy support 
but it was never a "public and documented" feature.


To have the SAN item set as recipient you need to change the 
"_map_notify_to" expression to point either to the hash of the parsed 
subject ([% context.cert_subject_parts.SAN_EMAIL.0 %] should work) or 
use the metadata which you have defined earlier via the Templating 
plugins (Certificate.attr(...)).


Oliver


On 18.09.23 18:53, Lixin Liu wrote:
> Hi,
>
> Several months ago, I was asking if I can use SAN_EMAIL field as the email
> notification for anonymous EST request submission.
>
> I had other projects to deal with, so did not investigate further. Now I am
> back on this again and I upgraded release to 3.26 (both software and config).
>
> There are a few questions:
>
> 1. The file profile/template/san_email.yaml does not exist
>
> I added this, but I also need to add
>
> label: I18N_OPENXPKI_UI_PROFILE_SAN_EMAIL
> description: I18N_OPENXPKI_UI_PROFILE_SAN_EMAIL_DESCRIPTION
>
> as they are not in openxpki.po. I only added en_US as I don't allow any other
> language.
>
> 2. Adding notification
>
> After adding SAN_EMAIL, I can see the option is presented in the CSR, then I
> defined
>
> metadata:
>     system_id: "[% data.cust_id %]"
>     server_id: "[% data.server_id %]"
>     requestor: "[% CN.0 %]"
>     email: "[% SAN_EMAIL.0 %]"
>     entity: "[% CN.0 FILTER lower %]"
>
> in the "enroll:" style. I can see these options are successfully processed
> when I run the approval from RA, but showing no recipient:
>
> 2023/09/17 15:36:22 openxpki.application.INFO Append (set) certificate metadata requestor with ******* [pid=45052|sid=iK43|rid=559a13480540|wftype=certificate_enroll|wfid=6399]
> 2023/09/17 15:36:22 openxpki.application.INFO Append (set) certificate metadata email with ******* [pid=45052|sid=iK43|rid=559a13480540|wftype=certificate_enroll|wfid=6399]
> 2023/09/17 15:36:22 openxpki.application.INFO Append (set) certificate metadata server_id with tlsserver [pid=45052|sid=iK43|rid=559a13480540|wftype=certificate_enroll|wfid=6399]
> 2023/09/17 15:36:22 openxpki.application.INFO Append (set) certificate metadata entity with ******** [pid=45052|sid=iK43|rid=559a13480540|wftype=certificate_enroll|wfid=6399]
> 2023/09/17 15:36:22 openxpki.application.INFO Trigger notification message enroll_cert_issued [pid=45052|sid=iK43|rid=559a13480540|wftype=certificate_enroll|wfid=6399]
> 2023/09/17 15:36:22 openxpki.system.WARN Failed sending notification enroll_cert_issued - no receipient [pid=45052|sid=iK43|rid=559a13480540|wftype=certificate_enroll|wfid=6399]
>
> I see the default workflow for notification is defined in
> certificate_enroll.yaml
>
> notify_cert_issued:
>     class: OpenXPKI::Server::Workflow::Activity::Tools::Notify
>     param:
>         _map_notify_cc: $url_notifycc
>         _map_notify_to: $url_requester
>         _map_transaction_id: $transaction_id
>         message: enroll_cert_issued
>
> but I don't see where $url_requester is defined. Almost everywhere, openxpki
> config uses requestor (instead of er).
>
> Is this a typo or am I missing something?
>
> Thank you very much.
>
> Lixin.
> _______________________________________________
> OpenXPKI-users mailing list
> [email protected] 
> <mailto:[email protected]>
> https://lists.sourceforge.net/lists/listinfo/openxpki-users 
> <https://lists.sourceforge.net/lists/listinfo/openxpki-users>
>
-- 
Protect your environment - close windows and adopt a penguin!
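
Added example (not part of the original thread and not OpenXPKI code): a small Python check that scans log lines in the layout quoted above and lists the workflows whose notification was triggered but dropped with "no receipient", which is a quick way to confirm the `_map_notify_to` change took effect. The first three sample lines are rejoined from the thread; the last one (wfid 6500) is constructed, and the function names are hypothetical.

```python
import re

# Layout as seen in the quoted excerpt:
#   <date> <time> <facility>.<LEVEL> <message> [key=value|key=value|...]
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<facility>[\w.]+)\.(?P<level>[A-Z]+) "
    r"(?P<msg>.*?) \[(?P<ctx>[^\]]*)\]\s*$"
)
TRIGGER_RE = re.compile(r"^Trigger notification message (\S+)$")
# "receipient" is the spelling used in the log output quoted in the thread.
NO_RCPT_RE = re.compile(r"^Failed sending notification (\S+) - no receipient$")

def parse_line(line):
    """Split one log line into its fields; return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["ctx"] = dict(kv.split("=", 1) for kv in rec["ctx"].split("|") if "=" in kv)
    return rec

def notification_report(lines):
    """Map wfid -> {'triggered': [...], 'no_recipient': [...]} (message names)."""
    report = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or "wfid" not in rec["ctx"]:
            continue  # unparsable line or no workflow context
        for key, pattern in (("triggered", TRIGGER_RE), ("no_recipient", NO_RCPT_RE)):
            m = pattern.match(rec["msg"])
            if m:
                entry = report.setdefault(
                    rec["ctx"]["wfid"], {"triggered": [], "no_recipient": []})
                entry[key].append(m.group(1))
    return report

def workflows_without_recipient(report):
    """Workflow ids where at least one notification had no recipient."""
    return sorted(wfid for wfid, e in report.items() if e["no_recipient"])

# Sample input: lines 1-3 rejoined from the thread, line 4 constructed.
SAMPLE_LOG = """\
2023/09/17 15:36:22 openxpki.application.INFO Append (set) certificate metadata email with ******* [pid=45052|sid=iK43|rid=559a13480540|wftype=certificate_enroll|wfid=6399]
2023/09/17 15:36:22 openxpki.application.INFO Trigger notification message enroll_cert_issued [pid=45052|sid=iK43|rid=559a13480540|wftype=certificate_enroll|wfid=6399]
2023/09/17 15:36:22 openxpki.system.WARN Failed sending notification enroll_cert_issued - no receipient [pid=45052|sid=iK43|rid=559a13480540|wftype=certificate_enroll|wfid=6399]
2023/09/20 09:10:05 openxpki.application.INFO Trigger notification message enroll_cert_issued [pid=45100|sid=Zq81|rid=000000000000|wftype=certificate_enroll|wfid=6500]
""".splitlines()

if __name__ == "__main__":
    for wfid in workflows_without_recipient(notification_report(SAMPLE_LOG)):
        print("workflow", wfid, "dropped a notification: no recipient")
```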





