Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Compare proxy shared secret configuration #231

Closed
rcritten opened this issue Nov 5, 2021 · 0 comments
Closed

Compare proxy shared secret configuration #231

rcritten opened this issue Nov 5, 2021 · 0 comments
Assignees
@rcritten

Comments

@rcritten
Copy link
Collaborator

rcritten commented Nov 5, 2021

IPA uses a shared secret to configure the proxy to the CA. There are two possible issues:

  1. The shared secret differs between the two. This will lead to a cryptic 403 error that is often confused with an RA agent mismatch.
  2. In CentOS 8 there is an issue where both secret and requiredSecret are set in the tomcat server.xml configuration and the secrets don't match what is in ipa-pki-proxy.conf.
@rcritten rcritten self-assigned this Nov 8, 2021
rcritten added a commit to rcritten/freeipa-healthcheck that referenced this issue Nov 8, 2021
@rcritten
Compare proxy shared secret configuration
ec10f46 
Compare the ProxyPassMatch secret(s) with those in server.xml

For now we are skipping checking to see if both secret and
requiredSecret are configured since it doesn't seem to cause
tomcat any issues. As long as the secrets match up with
ipa-pki-proxy.conf then things work fine.

freeipa#231

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
@rcritten rcritten mentioned this issue Nov 8, 2021
Merged
rcritten added a commit to rcritten/freeipa-healthcheck that referenced this issue Nov 8, 2021
@rcritten
Compare proxy shared secret configuration
293e7ce 
Compare the ProxyPassMatch secret(s) with those in server.xml

For now we are skipping checking to see if both secret and
requiredSecret are configured since it doesn't seem to cause
tomcat any issues. As long as the secrets match up with
ipa-pki-proxy.conf then things work fine.

freeipa#231

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
rcritten added a commit that referenced this issue Feb 1, 2022
@rcritten
Compare proxy shared secret configuration
63016f5 
Compare the ProxyPassMatch secret(s) with those in server.xml

For now we are skipping checking to see if both secret and
requiredSecret are configured since it doesn't seem to cause
tomcat any issues. As long as the secrets match up with
ipa-pki-proxy.conf then things work fine.

#231

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
joeldavidparker added a commit to joeldavidparker/freeipa-healthcheck that referenced this issue Jun 24, 2022
@joeldavidparker
Compare proxy shared secret configuration
f68eb64 
Compare the ProxyPassMatch secret(s) with those in server.xml

For now we are skipping checking to see if both secret and
requiredSecret are configured since it doesn't seem to cause
tomcat any issues. As long as the secrets match up with
ipa-pki-proxy.conf then things work fine.

freeipa/freeipa-healthcheck#231

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rcritten rcritten

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@rcritten