Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-647

Improve feedback to administrators if login to EJBCA Admin GUI fails.

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Won't Do
    • Affects Version/s: EJBCA 3.5.2
    • Fix Version/s: None
    • Component/s: CA GUI
    • Labels:
      None

      Description

      If an administrator fails to login to the EJBCA Admin GUI the error-message is cryptic at best. To help unexperienced EJBCA admins the feedback needs to be improved.

      If possible, tomcat should redirect failed https-sessions to a http error page with a message like
      "None of your client-certificates is issued by a CA that is trusted by EJBCA.

      This could be caused by
      1. You are not supposed to be able to access this page.
      2. The issuing CA has not been added to the application server truststore.
      3. The application server has not yet picked up the changes in the truststore. (Might require application server restart.)"

      If the login fails later, EJBCA should try to analyze the client certificate and present the user with a reason and if possible a solution.
      "Your used client-certificate with serial number XXX is revoked..."
      "Your used client-certificate is not part of any admin group..."
      etc

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              johan Johan Eklund
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: