Comments (6)
@ripienaar The client actually implements PENDING. I added it there because MS SCEP server supports manual approval.
scep/cmd/scepclient/scepclient.go
Lines 209 to 212 in 528937a
As far as server side, the reason it's not implemented is because the initial purpose of the SCEP server is for macOS enrollments, with device provisioning at the loginwindow. Sending a PENDING response there would break the desired UX for the user.
I wouldn't be opposed to implementing it server side. Can you explain the use-case better? Are you looking for a manual approval workflow? Would defaulting to a Pending state and adding an /approve endpoint on the server work?
from scep.
Yeah, I saw it in the client and went looking for the server side equivalent feature with no luck.
I wish to do mass enrolment of 100s of thousands of nodes. Most nodes I can auto approve based on, let’s say, a pattern match of cname (any fqdn in our domain). Some though are users and not machines, and those I need to hand approve.
So I imagine something that I can run like the verifier that returns 0 for APPROVE, 1 for PENDING and 2 for REJECT is an easy way, and if it’s a nice interface then for my use case I can implement a Go class to do this while using your server code as a library. Perhaps even extend the current verifier in this way?
The /approve endpoint is also a good idea, though obviously it would require auth. I think it’s key that there is a hook to programmatically decide if an incoming request is auto approve or not.
from scep.
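A sketch of the three-state hook proposed in the comment above, added here as an example; it is not code from the thread or from the scep project. The names `Decision`, `Decide`, `inDomain` and `sampleCSR` and the domain `example.com` are assumptions, and the CSRs are constructed in the program.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"strings"
)

// Decision is a hypothetical result type using the 0/1/2 codes from the comment.
type Decision int

const Approve, Pending, Reject Decision = 0, 1, 2

// inDomain matches on ".domain" so that "host.notexample.com" and
// "example.com.attacker.net" do not pass as members of example.com.
func inDomain(name, domain string) bool {
	name = strings.ToLower(strings.TrimSuffix(name, "."))
	suffix := "." + strings.ToLower(domain)
	return len(name) > len(suffix) && strings.HasSuffix(name, suffix) &&
		!strings.ContainsAny(name, " @*/")
}

// Decide rejects malformed or unsigned CSRs, auto-approves only when the CN and
// every DNS SAN are hosts under domain, and leaves the rest for manual approval.
func Decide(der []byte, domain string) Decision {
	csr, err := x509.ParseCertificateRequest(der)
	if err != nil || csr.CheckSignature() != nil || csr.Subject.CommonName == "" {
		return Reject
	}
	if len(csr.EmailAddresses)+len(csr.IPAddresses)+len(csr.URIs) > 0 {
		return Pending // non-DNS identities are not covered by the pattern rule
	}
	for _, name := range append([]string{csr.Subject.CommonName}, csr.DNSNames...) {
		if !inDomain(name, domain) {
			return Pending
		}
	}
	return Approve
}

// sampleCSR builds a constructed, self-signed CSR for the demonstration.
func sampleCSR(cn string, dns ...string) []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: cn}, DNSNames: dns}
	der, _ := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	return der
}

func main() {
	fmt.Println(Decide(sampleCSR("node1.example.com"), "example.com")) // machine
	fmt.Println(Decide(sampleCSR("alice"), "example.com"))             // user
}
```

The SAN loop matters because a signer that copies SANs from the CSR would otherwise issue names that the CN check never saw.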
@ripienaar is this still interesting to you? Sorry the issue has been idle for so long. I'm looking at a batch of things I can pick up to improve over the holidays.
from scep.
@groob in theory - but I have another solution, so like I have not been holding my breath :P
from scep.
@groob if you still plan on having a look at it I'm interested as well with a PENDING response from the server
from scep.
We would be interested in this too. We're interested in a downstream project, called step-ca. I've put an issue about manual approvals there too.
from scep.