BSP is rejecting subjectDN values that contain emailaddress

Description

Certificates created with the openssl command line tool interactive prompts are not being interpreted correctly by BSP. Specifically, If you fill out the email prompt the resulting subjectDN is being misinterpreted by BSP.

For example, "C=US, ST=California, L=Berkeley, O=UC Berkeley - IST, OU=CTS, CN=Brian Wood/emailAddress=bwood@berkeley.edu"

is read by BSP as "EMAILADDRESS=bwood@berkeley.edu, CN=Brian Wood, OU=CTS, O=UC Berkeley - IST, L=Berkeley, ST=California, C=US"

This causes an exception during auth since the value expected and captured previously in Grouper for the subjectDN does not match that which BSP is passing to Grouper.

Environment

BSP 1.0

Activity

Show:
Fernando Alvarez
November 10, 2012, 4:48 AM

Over to Keith for testing against bsp-dev using his cert and the values for voronoi app on Arche.

SM
April 23, 2013, 7:21 AM

Will not fix. Workaround is to omit email address in generation of self-signed certificate. Cf. Configure Apache Web Server for Client Auth, section titled Generate a self-signed key with openssl.

Won't Fix

Assignee

Keith Hazelton

Reporter

Fernando Alvarez

Labels

None

Time tracking

0m

Time remaining

8h

Due date

2012/11/30

Priority

Minor