no password check

  • cyberuser

    cyberuser - 2013-10-28

    When I allow users to self-register on public web with the combination of approval requests for the admin I get the following problem:

    1. user do a request registration
    2. admin approve that request
    3. user get email with username and password (auto generated)
    4. user visit the public page to download his certificate (for instance domain:8080/ejbca/enrol/browser.jsp)
    5. user is asked for an username and password

    At this point only the username is checked. the user have to input an username and can leave the password field empty. Only while the next step (where you select your key length and click on "ok") the username and the password in combination is checked.

    Why the password is not proved at step 5? Is it an configuration error or a bug?

  • Tomas Gustavsson

    It is not a bug, let's just say that it is a usability flaw. But yes it works as you describe it. There are ideas to change it in the future.


    • cyberuser

      cyberuser - 2013-10-28

      Ok, thank you for your prompt answer.
      I'm looking forward to see the changes.


Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

No, thanks