[Pki-users] pki-ra Authentication error

James "Jim" Kinney James.Kinney at gtri.gatech.edu
Tue Sep 28 20:51:19 UTC 2010


Setting up dogtag on Fedora 12 with versions 1.3.2-1 of dogtag-pki-ra-ui 
and 1.3.1-1 of pki-ra

The 389 system is set up OK and the pkicreate for the ca went smoothly.

The debug log from the pki-ca shows an invalid hostname during the 
"Subject Names" section on the ra wizard screen:


[28/Sep/2010:16:25:11][http-9444-Processor22]: TokenAuthentication: start
[28/Sep/2010:16:25:11][http-9444-Processor22]: TokenAuthentication: 
content=sessionID=9216515598699103255&hostname=0:0:0:0:0:0:0:1
[28/Sep/2010:16:25:11][http-9444-Processor25]: CMSServlet:service() uri 
= /ca/ee/ca/tokenAuthenticate
[28/Sep/2010:16:25:11][http-9444-Processor25]: CMSServlet::service() 
param name='hostname' value='0:0:0:0:0:0:0:1'
[28/Sep/2010:16:25:11][http-9444-Processor25]: CMSServlet::service() 
param name='sessionID' value='9216515598699103255'
[28/Sep/2010:16:25:11][http-9444-Processor25]: CMSServlet: 
caTokenAuthenticate start to service.
[28/Sep/2010:16:25:11][http-9444-Processor25]: TokenAuthentication: 
sessionId=9216515598699103255
[28/Sep/2010:16:25:11][http-9444-Processor25]: TokenAuthentication: 
givenHost=0:0:0:0:0:0:0:1
[28/Sep/2010:16:25:11][http-9444-Processor25]: TokenAuthentication: 
checking session in the session table
[28/Sep/2010:16:25:11][http-9444-Processor25]: CMSEngine: 
getPasswordStore(): password store initialized before.
[28/Sep/2010:16:25:11][http-9444-Processor25]: CMSEngine: 
getPasswordStore(): password store initialized.
[28/Sep/2010:16:25:11][http-9444-Processor25]: TokenAuthentication: 
found session
[28/Sep/2010:16:25:11][http-9444-Processor25]: CMSEngine: 
getPasswordStore(): password store initialized before.
[28/Sep/2010:16:25:11][http-9444-Processor25]: CMSEngine: 
getPasswordStore(): password store initialized.
[28/Sep/2010:16:25:12][http-9444-Processor25]: TokenAuthentication: 
hostname=***.***.***.*** and givenHost=0:0:0:0:0:0:0:1 is different
[28/Sep/2010:16:25:12][http-9444-Processor25]: TokenAuthenticate 
authenticate failed, wrong hostname.
[28/Sep/2010:16:25:12][http-9444-Processor22]: TokenAuthentication: status=1
[28/Sep/2010:16:25:12][http-9444-Processor22]: ProfileSubmitServlet: 
authentication error Error: Failed Authentication
[28/Sep/2010:16:25:12][http-9444-Processor25]: CMSServlet: curDate=Tue 
Sep 28 16:25:12 EDT 2010 id=caTokenAuthenticate time=1019


TokenAuthentication: hostname is the IP address of the system and not 
the hostname.  All of the fields in the lead-up screens use proper data 
and fqdn hostnames.

The debug log from pki-ra just after the /usr/bin/sslget line shows:

Tue Sep 28 16:25:12 EDT 2010 - content = HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/xml
Content-Length: 118
Date: Tue, 28 Sep 2010 20:25:12 GMT
Connection: close

<?xml version="1.0" 
encoding="UTF-8"?><XMLResponse><Status>1</Status><Error>Authentication 
Error</Error></XMLResponse>
Subject: CN=my.host.name,OU=pki-ca,O=STL Dogtag Domain
Issuer : CN=Certificate Authority,OU=pki-ca,O=STL Dogtag Domain
bulk cipher RC4, 128 secret key bits, 128 key bits, status: 1

Tue Sep 28 16:25:12 EDT 2010 - NamePanel: response content= 
<XMLResponse><Status>1</Status><Error>Authentication 
Error</Error></XMLResponse>
Tue Sep 28 16:25:12 EDT 2010 - NamePanel: Error = Authentication Error
Tue Sep 28 16:25:12 EDT 2010 - RA wizard: update returns status '0'

Ideas?

-- 
James "Jim" Kinney
(404) 407-7967
GTRI
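
An added example, not part of the original post or of Dogtag: a small parser that re-joins the mail-wrapped CA debug log entries, pulls out each failed TokenAuthentication host comparison, and reports what kind of value each side held. The function names are hypothetical, and the sample log is constructed from the lines above with the documentation address 192.0.2.10 standing in for the masked value.

```python
import ipaddress
import re

# Constructed sample modelled on the CA debug log above. 192.0.2.10 is a
# documentation address standing in for the value masked in the post.
SAMPLE_LOG = """\
[28/Sep/2010:16:25:11][http-9444-Processor25]: TokenAuthentication:
givenHost=0:0:0:0:0:0:0:1
[28/Sep/2010:16:25:12][http-9444-Processor25]: TokenAuthentication:
hostname=192.0.2.10 and givenHost=0:0:0:0:0:0:0:1 is different
[28/Sep/2010:16:25:12][http-9444-Processor25]: TokenAuthenticate
authenticate failed, wrong hostname.
"""

ENTRY_START = re.compile(r"^\[\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2}\]\[([^\]]+)\]:")
MISMATCH = re.compile(r"TokenAuthentication: hostname=(\S+) and givenHost=(\S+) is different")

def unwrap(text):
    """Join mail-wrapped continuation lines back onto their timestamped entry."""
    entries = []
    for line in filter(str.strip, text.splitlines()):  # skip blank lines
        if ENTRY_START.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def classify(host):
    """Say whether a compared value is a name, an IP, or a loopback IP."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "name"
    return "loopback-ip" if addr.is_loopback else "ip"

def find_mismatches(text):
    """Return one record per failed TokenAuthentication host comparison."""
    records = []
    for entry in unwrap(text):
        hit = MISMATCH.search(entry)
        if hit:
            start = ENTRY_START.match(entry)
            stored, given = hit.groups()
            records.append({"thread": start.group(1) if start else None,
                            "stored": stored, "stored_kind": classify(stored),
                            "given": given, "given_kind": classify(given)})
    return records

print(find_mismatches(SAMPLE_LOG))
```

On the sample, the stored side is reported as an ordinary IP and the given side, 0:0:0:0:0:0:0:1, as the IPv6 loopback address.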



