Hi Mukilan,
The workflow is intended to be used with TLS Client Auth, and the
"approval" is then done based on the evaluation of the
"authorized_signer" part, as it is documented for the enrollment workflow.
As the workflow has an "autoapproval" flag that is usually set when this
is run internally, you can use the "preset*" magic to set this. In
/etc/openxpki/rpc/enroll.conf, append the last line as follows:
[RevokeCertificate]
workflow = certificate_revocation_request_v2
param = cert_identifier, reason_code, comment, invalidity_time
env = signer_cert, server
output = error_code
preset_flag_auto_approval = 1
This will set the parameter "flag_auto_approval" to the value of one for
every incoming call on this endpoint. You should obviously make sure
that nobody can access this endpoint address without proper
authentication; otherwise anybody with network access can revoke
certificates, which is very likely not what you want.
Oliver
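The warning above can be turned into a configuration check. The following is an added example, not part of the original message and not OpenXPKI code: it lists every endpoint section that presets flag_auto_approval so each one can be reviewed for authentication at the web server. It assumes the file parses as INI with Python's configparser and that an empty value or 0 means "not set"; the [ExampleStatus] section and the function names are hypothetical.

```python
import configparser

# Constructed sample. [RevokeCertificate] is the section from the message
# above; [ExampleStatus] is a hypothetical endpoint without any preset.
SAMPLE_CONF = """\
[RevokeCertificate]
workflow = certificate_revocation_request_v2
param = cert_identifier, reason_code, comment, invalidity_time
env = signer_cert, server
output = error_code
preset_flag_auto_approval = 1

[ExampleStatus]
workflow = example_status_workflow
param = cert_identifier
output = status
"""

def split_list(value):
    """Split a comma separated config value into a list of stripped items."""
    return [item.strip() for item in value.split(",") if item.strip()]

def audit_endpoints(conf_text):
    """Return one finding per endpoint that presets flag_auto_approval."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    findings = []
    for name in parser.sections():
        section = parser[name]
        # "preset_<name> = value" forces workflow parameter <name> on every call.
        presets = {key[len("preset_"):]: value.strip()
                   for key, value in section.items() if key.startswith("preset_")}
        # Assumption: an empty value or "0" means the flag is not set.
        if presets.get("flag_auto_approval", "") in ("", "0"):
            continue
        findings.append({
            "endpoint": name,
            "workflow": section.get("workflow", ""),
            "presets": presets,
            # Assumption: signer_cert in env is what passes the TLS client cert on.
            "passes_signer_cert": "signer_cert" in split_list(section.get("env", "")),
        })
    return findings

if __name__ == "__main__":
    for f in audit_endpoints(SAMPLE_CONF):
        print(f"{f['endpoint']}: auto-approval preset on {f['workflow']}; "
              f"signer_cert passed: {f['passes_signer_cert']}; "
              "confirm the web server requires TLS client auth for this path")
```

The check only reads the endpoint file; whether client certificates are actually required is decided by the web server configuration in front of it.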
On 10.11.22 09:57, Mukilan P via OpenXPKI-users wrote:
Thank you very much Oliver.
I have gone through your reply. I need some clarity on your reply. Can
you please share a sample enroll.yaml to enable auto approval of
revocation, or the configuration properties to make auto approval for
revocation?
I am using plain HTTP for testing purposes.
Regards,
Mukilan
On Wednesday, 9 November, 2022 at 09:35:26 am GMT+1, Oliver Welter
<[email protected]> wrote:
https://sourceforge.net/p/openxpki/mailman/message/37670844/
On 07.11.22 22:40, Mukilan P via OpenXPKI-users wrote:
Hi Experts,
Can you please provide a sample workflow to skip
authentication/authorization for auto approval of revocation?
I tried with the following sample config in /rpc/enroll.yml, but it is
not working out.
policy:
    # Authentication Options
    # Initial requests need ONE authentication.
    # Activate Challenge Password and/or HMAC by setting the appropriate
    # options below.
    # if set requests can be authenticated by an operator
    allow_man_authen: 0
    # if set, no authentication is required at all and hmac/challenge is
    # not evaluated even if it is set/present in the request!
    allow_anon_enroll: 1
    # Approval
    # If not autoapproved, allow operator to add approval by hand
    allow_man_approv: 0
    # if the eligibility check failed the first time
    # show a button to run a recheck (Workflow goes to PENDING)
    allow_eligibility_recheck: 0
    # Approval points required (eligibility and operator count as one
    # point each)
    # if you set this to "0", all authenticated requests are
    # auto-approved!
    approval_points: 0
Regards,
Mukilan
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
--
Protect your environment - close windows and adopt a penguin!