GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages


Manual Reference Pages  -  OPENXPKI::SERVER::WORKFLOW::ACTIVITY::SCEPV2::EVALUATEELIGIBILITY (3)

.ds Aq ’

Name

OpenXPKI::Server::Workflow::Activity::SCEPv2::EvaluateEligibility

CONTENTS

Description

Check the eligability to perform initial enrollment or renewal against the connector. The activity detects if we are in initial or renewal mode and writes the decission to request_mode.

    Configuration

The data source must be configured in the config of the running scep server:



  scep-server-1:
    eligible:
      initial:
        value@: connector:your.connector
        args:
         - "[% context.cert_subject %]"
         - "[% context.url_mac %]"

      renewal: 



For inital enrollment, the given connector is queried using the requested subject and mac address (gathered by url parameter), e.g.:



   your.connector.cn=foo,dc=bar.00:01:02:34:56:78



If the connector returns a true value, the enrollment is granted. Renewal is disabled as the path is empty.

    Configuration alternatives

If you need to make the decission based on the return value, you can add a list of expected values to the definition:



    initial:
      value@: connector:your.connector
      args:
        - "[% context.cert_subject %]"
        - "[% context.url_mac %]"
      expected:
        - Active
        - Build



The check will succeed, if the value returned be the connector has a literal match in the given list.

To globally enable a feature without taking the request into account, omit the args and set value to a literal 1:



  scep-server-1:
    eligible:
      initial:
        value: 1

      renewal:
        value: 1



Sidenote: You can use a connector here as well, but in static mode we always test for a literal 1 as return value!

Search for    or go to Top of page |  Section 3 |  Main Index


perl v5.20.3 OPENXPKI::SERVER::WORKFLOW::ACTIVITY::SCEPV2::EVALUATEELIGIBILITY (3) 2016-04-03

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.