Details

    • Type: Sub-task
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 6.6.0
    • Component/s: None
    • Labels:
      None
    • Issue discovered during:
      Ad Hoc

      Description

      Not requested yet, so more of a future nice to have:

      It would make sense to allow certain unauthenticated operations only over HTTPS for example when sensitive information might be entered.

      Currently the PublicAccessAuthenticationToken has the PublicAccessMatchValue.NONE(0).

      It would be better with
      PublicAccessMatchValue.TRANSPORT_ANY(0)
      PublicAccessMatchValue.TRANSPORT_PLAIN(1)
      PublicAccessMatchValue.TRANSPORT_CONFIDENTIAL(2)
      so for example download of CRLs could be HTTP enabled, but enrollment requires HTTPS.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              johan Johan Eklund
              Reporter:
              johan Johan Eklund
              Verified by:
              Johan Eklund, Samuel Lidén Borell
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: