Description

Restrictions

  • No SPML authentication at the moment

Usage

Sample

Demo

This chapter shows how the servlet

Sample SPML addRequest

The following text is an SPML request generated by my samples.

<addRequest xmlns='urn:oasis:names:tc:SPML:2:0' requestID='rid-spmlv2' executionMode='synchronous'>
  <psoID ID='spmltest-20080823122757'/>
  <data>
    <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='objectclass'>
      <dsml:value>spml2Person</dsml:value>
    </dsml:attr>
    <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='credentials'>
      <dsml:value>password</dsml:value>
    </dsml:attr>
    <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='organization'>
      <dsml:value>Top:asyd.net:People</dsml:value>
    </dsml:attr>
    <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='emailAddress'>
      <dsml:value>bbonfils  nospam at gmail.com</dsml:value>
    </dsml:attr>
  </data>
</addRequest>

Groovy script

The goal of the Groovy script is to use the attributes from the request to create a new end entity in EJBCA.

import java.util.HashMap
import net.asyd.iam.FinalAddEntity
import org.ejbca.core.protocol.ws.UserDataVOWS

public class FinalAddEntitySample implements FinalAddEntity {
    def id            // identifier received with the request
    def attributes    // attributes received with the request, keyed by name
    def buffer        // DN suffix, set by preprocess()
    def ejbcaEntity   // EJBCA web service user object to fill in

    public void init(String id, HashMap attributes, UserDataVOWS ejbcaEntity) {
        this.id = id
        this.attributes = attributes
        this.ejbcaEntity = ejbcaEntity
    }

    // Builds the fixed part of the subject DN; buffer is null until this has run.
    public void preprocess() {
        buffer = ",UID=" + id + ",OU=staff,O=asyd dot net,C=FR"
    }

    public String getSubjectDN() {
        return "CN=" + id + buffer
    }

    // Fills in the EJBCA end entity (CA, profiles, token type, notification).
    public boolean proceed() {
        ejbcaEntity.setUsername(id)
        ejbcaEntity.setEmail(attributes.get("emailAddress"))
        ejbcaEntity.setSubjectDN(getSubjectDN())
        ejbcaEntity.setCaName("DemoCA")
        ejbcaEntity.setCertificateProfileName("ENDUSER")
        ejbcaEntity.setEndEntityProfileName("EE_SPML_USER")
        ejbcaEntity.setTokenType("P12")
        ejbcaEntity.setSendNotification(true)
        return true
    }
}
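
The script above concatenates id into the subject DN as-is and passes emailAddress through unchecked, while the servlet has no SPML authentication yet. The following is an added example, not part of the original page, of net.asyd.iam or of EJBCA: the class SubjectDnBuilder, its method names and both patterns are assumptions. It validates the two values and escapes the id with the JDK's javax.naming.ldap.Rdn.escapeValue before building the same DN.

```groovy
import javax.naming.ldap.Rdn

// Hypothetical helper: not part of net.asyd.iam or EJBCA.
class SubjectDnBuilder {
    // Assumed policy: ids shaped like the sample psoID (letters, digits, '.', '_', '-').
    static final ID_PATTERN = ~/[A-Za-z0-9][A-Za-z0-9._-]{0,63}/
    // Deliberately strict address check: one '@', no whitespace, no list separators.
    static final EMAIL_PATTERN = ~/[^\s@<>,;]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/

    static String checkedId(String id) {
        if (id == null || !(id ==~ ID_PATTERN)) {
            throw new IllegalArgumentException("rejected id: outside the allowed character set")
        }
        return id
    }

    // attributes is a raw HashMap in the script, so the value arrives as Object.
    static String checkedEmail(Object email) {
        if (!(email instanceof String) || !(email ==~ EMAIL_PATTERN)) {
            throw new IllegalArgumentException("rejected emailAddress")
        }
        return email
    }

    // Same DN layout as the script, but the value is validated and then escaped
    // (RFC 2253 rules), so ',' '+' '=' in a value cannot add or alter an RDN.
    static String subjectDn(String id) {
        def v = Rdn.escapeValue(checkedId(id))
        return "CN=${v},UID=${v},OU=staff,O=asyd dot net,C=FR"
    }
}

// Constructed sample values, checked when the file is run as a script.
assert SubjectDnBuilder.subjectDn("spmltest-20080823122757") ==
       "CN=spmltest-20080823122757,UID=spmltest-20080823122757,OU=staff,O=asyd dot net,C=FR"
assert SubjectDnBuilder.checkedEmail("user@example.org") == "user@example.org"

// Escaping on its own, shown on a value the id policy above would reject outright.
assert Rdn.escapeValue("x,OU=admins") == "x\\,OU\\=admins"

try {
    SubjectDnBuilder.subjectDn("x,OU=admins")
    assert false : "an id containing DN metacharacters must be rejected"
} catch (IllegalArgumentException expected) {
    // rejected before any DN string is built
}
```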

EJBCA WebServices request

EJBCA logs

You must configure an appropriate End Entity profile in EJBCA (with auto-generated password and notification enabled).

2008-08-23 12:27:59,009 INFO  [org.ejbca.core.model.log.Log4jLogDevice] 23 août 2008 12:27:59 CEST, CAId : 1896357337, RA, EVENT_INFO_NOTIFICATION, Administrator : CLIENTCERT, Certificate SNR : 3C514C71A520C2DB, CN=Linagora Demo AdminCA,O=LINAGORA Groupe,C=FR, User : spmltest-20080823122757, Certificate : No certificate involved, Comment : Notification to user spmltest-20080823122757 with email bbonfils nospam gmail.com sent successfully.
2008-08-23 12:27:59,018 INFO  [org.ejbca.core.model.log.Log4jLogDevice] 23 août 2008 12:27:59 CEST, CAId : 1896357337, RA, EVENT_INFO_ADDEDENDENTITY, Administrator : CLIENTCERT, Certificate SNR : 3C514C71A520C2DB, CN=Linagora Demo AdminCA,O=LINAGORA Groupe,C=FR, User : spmltest-20080823122757, Certificate : No certificate involved, Comment : Added end entity spmltest-20080823122757.

About EJBCA

EJBCA is a very powerful certificate authority, based on Java technology.

Version 6.1 last modified by Bruno Bonfils on 23/08/2008 at 20:11

Creator: Bruno Bonfils on 2008/08/23 11:50
This wiki is licensed under a Creative Commons license