|
From: Henrik <Hen...@Go...> - 2013-07-01 12:51:26
|
Hi Anders,

They'd be distributed via the self-service WebUI which EJBCA ships with. However, the people who're supposed to use the self-service UI would need to have accounts first. And these accounts should use their already stored passwords and should only allow them to request certificates for the EndEntities they're responsible for. (Information that's stored in the databases)

That would be the intended use case.

Kind regards,
Henrik

On Mon, Jul 1, 2013 at 2:35 PM, ejbca-support <ejb...@pr...> wrote:

> On 2013-07-01 14:25, Henrik wrote:
> > Hi,
> >
> > I got the following (simplified) setup:
> > A database with user information (username, salted password hash, as well as further user attributes), which is supposed to be read-only from EJBCA perspective.
> > (It's actually two databases that need some logic to combine the attributes.)
> > I'd like to use EJBCA in a way that the RA queries that setup when a user wants to request a certificate for an end entity via the EJBCA web interface. So when a user is supposed to log in with username and password, these credentials should be retrieved from the custom setup.
> > I guess that is what the "Framework for External User Data Sources" is for?
> > http://www.ejbca.org/adminguide.html#Framework%20for%20External%20User%20Data%20Sources
> >
> > Is there a more detailed manual for this step available somewhere?
> >
> > My naive expectation was that I'd have to implement an interface with a function like fetchUser(name, passwd), where this would either return nil if the user wasn't found or if the password didn't match, or it would return a user/EndEntity instance if user was found and password did match.
> >
> > However, what I found was some function fetch(Admin admin, String searchstring), that returns a collection of UserDataSourceVO for all users that matched the searchstring.
> >
> > It seems I'm misunderstanding the concept of a custom data source. Can someone elaborate on it?
> >
> > So in a nutshell, my questions are:
> >
> > * How can I initialize users with username and password?
> > * What are custom data sources used for, if not for the above?
>
> I wouldn't bother too much with external data sources.
> The important thing is how certificates are to be distributed. Cards, P12s, Browser, VPN-client etc.
>
> Cheers
> Anders
> tech support
>
> > Kind regards,
> > Henrik

|