Closed tvdijen closed 4 years ago
pablothedude
commented
4 years ago Hi Tim, thanks for the report. I've created a PR with a fix for the described issue. https://github.com/OpenConext/OpenConext-engineblock/pull/853
Are you able to verify if this will work for you? I'll try to do my best to let this land in the next patch version of 6.2.
tvdijen
commented
4 years ago No bueno.. If left out from the configuration it will try and load /etc/openconext/engineblock.crt.
It's still the same assertion failing, so that means it must be fed with some default value elsewhere.
pablothedude
commented
4 years ago Hi Tim, the validation is moved from the constructor completely. The validation now only happens JIT when an entity is configured to use the Stepup callout functionality. So if you don't configure it it won't get validated. This should help you and would suit the majority of the Openconext users.
https://github.com/OpenConext/OpenConext-engineblock/pull/853
I wanted to let you know this just landed in the latest release:
https://github.com/OpenConext/OpenConext-engineblock/releases/tag/6.2.1
tvdijen
commented
4 years ago Great, thanks @pablothedude !
thijskh
commented
4 years ago Fixed in EB 6.2.1.
This may already been covered by the migration from
/etc/openconext/engineblock.inito YAML config file, but in that case this issue may be kept for future reference to other people bumping into this issue. It probably exists as of 5.13 where the new stepup-functionality was added.Case:
/etc/openconext/engineblock.crtlocation.Composer install went fine, but on accessing EB from the browser in an authflow the following error occured:
I'd argue that EB should be perfectly usable without any of the Stepup-stuff configured.. I eventually solved it by setting
stepup.gateway.sfo.keyFileto an actual certificate.. The other stepup-settings are still left out and it's working fine now.Perhaps changing the default for this setting to the value of
encryption.keys.default.publicFilewould be a solid fix?