Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
OpenXPKI::OpenXPKI::SeUser:ContributedAPerliDocumentationvaluateEligibility(3)

Name
       OpenXPKI::Server::Workflow::Activity::SCEPv2::EvaluateEligibility

Description
       Check the eligability to	perform	initial	enrollment or renewal against
       the connector. The activity detects if we are in	initial	or renewal
       mode and	writes the decission to	"request_mode".

Configuration
   Activity Configuration
       pause_on_error
	   Set this if you have	connectors that	might cause exceptions.	You
	   also	need to	set a useful value for retry_count. Effective only in
	   attribute mode! (see	also OpenXPKI::Server::Workflow::Activity). If
	   not set, connector errors will bubble up as exceptions to the
	   workflow handler.

   Data	Source Configuration
       Dynamic using a Connector

       The data	source must be configured in the config	of the running scep
       server:

	 scep-server-1:
	   eligible:
	     initial:
	       value@: connector:your.connector
	       args:
		- "[% context.cert_subject %]"
		- "[% context.url_mac %]"

	     renewal: ''

       For inital enrollment, the given	connector is queried using the
       requested subject and mac address (gathered by url parameter), e.g.:

	  your.connector.cn=foo,dc=bar.00:01:02:34:56:78

       If the connector	returns	a true value, the enrollment is	granted.
       Renewal is disabled as the path is empty.

       Dynamic with a return-value whitelist

       If you need to make the decission based on the return value, you	can
       add a list of expected values to	the definition:

	   initial:
	     value@: connector:your.connector
	     args:
	       - "[% context.cert_subject %]"
	       - "[% context.url_mac %]"
	     expected:
	       - Active
	       - Build

       The check will succeed, if the value returned be	the connector has a
       literal match in	the given list.

       Static

       To globally enable a feature without taking the request into account,
       omit the	args and set value to a	literal	1:

	 scep-server-1:
	   eligible:
	     initial:
	       value: 1

	     renewal:
	       value: 1

       Sidenote: You can use a connector here as well, but in static mode we
       always test for a literal "1" as	return value!

perl v5.24OpenXPKI::Server::Workflow::Activity::SCEPv2::EvaluateEligibility(3)

Name | Description | Configuration

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=OpenXPKI::Server::Workflow::Activity::SCEPv2::EvaluateEligibility&sektion=3&manpath=FreeBSD+12.0-RELEASE+and+Ports>

home | help