This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 496692 - CS 8.0 Beta. At the end of enrollment, double verification of PIN is requested with the second one throwing an
CS 8.0 Beta. At the end of enrollment, double verification of PIN is request...
Status: CLOSED ERRATA
Product: Dogtag Certificate System
Classification: Community
Component: ESC (Show other bugs)
1.0
All Linux
medium Severity high
: ---
: ---
Assigned To: Jack Magne
Chandrasekar Kannan
:
Depends On:
Blocks: 443788
  Show dependency treegraph
 
Reported: 2009-04-20 14:32 EDT by Sean Veale
Modified: 2015-01-04 18:37 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-07-22 19:34:34 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Debug logs and screen shot of the error message (1.55 MB, application/zip)
2009-04-20 14:45 EDT, Sean Veale
no flags Details

  None (edit)
Description Sean Veale 2009-04-20 14:32:17 EDT
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Sean Veale 2009-04-20 14:44:59 EDT
Description of problem: 

Version-Release number of selected component (if applicable):
After a token is enrolled, the ESC displays the dialog asking for Pin Verification twice. The second time a CoolKey PKCS #11 CSP Error is displayed. 

If you click ok, you will then get the pop-up saying the token was enrolled successfully. 

Potentially related.  In fire fox (running 3.0.7 anyway) in the alpha if I slotted or removed the token from the system I could see the certificates associated with the card being added or removed from the list the browser knows about.  This no longer happens!

How reproducible:
Always

Steps to Reproduce:
1. Enroll a User. 
2. See the error
3.

Actual results:

Error when enrolling
Expected results:

Able to enroll with no errors. Only asked once.
Additional info:  
Zip File includes tail of TPS debug and error logs, as well as CA debug  and a screen shot of the 2nd verification with it's error.
Comment 2 Sean Veale 2009-04-20 14:45:30 EDT
Created attachment 340405 [details]
Debug logs and screen shot of the error message
Comment 3 Jack Magne 2009-04-20 14:50:20 EDT
I've not seen this myself, but will take a look at the logs...

So, when this happens do the certificates make it over to CAPI thus you can see them in IE when doing internet options/content/certificates?
Comment 4 Sean Veale 2009-04-20 15:46:53 EDT
They do make it to the CAPI as I see them in I.E. Also It appears the PKS module isn't loaded into the firefox though "Managing Smart Cards with the ESC" doc section 5.1 says this is automatic.
Comment 5 Jack Magne 2009-06-04 17:16:04 EDT
Moving to medium, intermittent.
Comment 6 Jack Magne 2009-06-05 20:33:41 EDT
The fix for this bug is contained in the fix for the following bug:

https://bugzilla.redhat.com/show_bug.cgi?id=496759
Comment 7 Jack Magne 2009-06-05 20:33:57 EDT
Fixed in next build.
Comment 8 Asha Akkiangady 2009-06-11 13:35:41 EDT
Verified.

In Firefox (3.0.7) the token insertion and removal events adds and removes the certificates. Do not have any problem of double pin verification with Gemalto 64 K or Safenet cards, pin verification is requested once.

Note You need to log in before you can comment on or make changes to this bug.