We're updating the issue view to help you get more done.Learn more

BSP is rejecting subjectDN values that contain emailaddress

Certificates created with the openssl command line tool interactive prompts are not being interpreted correctly by BSP. Specifically, If you fill out the email prompt the resulting subjectDN is being misinterpreted by BSP.

For example, "C=US, ST=California, L=Berkeley, O=UC Berkeley - IST, OU=CTS, CN=Brian Wood/emailAddress=bwood@berkeley.edu"

is read by BSP as "EMAILADDRESS=bwood@berkeley.edu, CN=Brian Wood, OU=CTS, O=UC Berkeley - IST, L=Berkeley, ST=California, C=US"

This causes an exception during auth since the value expected and captured previously in Grouper for the subjectDN does not match that which BSP is passing to Grouper.

Status

Assignee

Keith Hazelton

Reporter

Fernando Alvarez

Time estimate

8h

Due date

2012/11/30

Priority

Minor