Security Bug fixes
- Cert based authentication had a bug fix to by pass it(A small chance)
Features
- Long live sessions to support client program
- Cert based authentication
- Loading SSL certificate for web page from host folder
Hello,
This sounds great… Can you just give some simple guide to cert base authentification set up.
client clicks options and activates Login with certificate
If you want to disable certificate based logins /settings/PKI/Intermedia Certificates, find and disable authentication intermediates
Hello,
I placed that CA in personal and root also (and cert I setted for user), and also imported it into web browser… but still when I click login it just open login page ? Do you have some more info about setting this feature ?
Do you have FerrumGate Intermediate Authentication Certificate? If you edit it. delete and create new one.
Then check on the client program use Certificate should work. If it does not work find user, and delete the user Certificate on Authentication methods.
For web Certificate, It is all about web page certificate, It does not related to authentication.
Also following on the server logs could help
docker ps|grep rest.portal → get container id
docker logs -f $CONTAINER_ID
Hello,
As I tested here are my observations: When I start agent it ask me to enter user/password and MFA, after disconecting and again connecting it automaticaly connect. After exiting agent and again starting it, it again ask for user/pass.
I deleted intermidiat and installed new, also deteled user cert and set to use intermidiat.
Can you tell me is agent created to ask for password and MFA when login with cert is selected ? I understand that agent if is using cert need to use some from trusted store and always login with it or I am wrong ?
After successfull login with password, public cert is downloaded and saved on computer as encrypted by computer. When client tries to connect if it has certificate, it tries it. if fails goes on with password. please check client logs
I am checking it again. It seems there is a problem. I will fix it
I have found the problem. When the configure stage , system is creating a Root CA in the system. that you cannot see on any screen. it seems that sometimes
configure step is executing twice. Because of this Root CA is changing. and it is breaking the Cert chains.
Solutiion at this step:
- Delete all Intermediate certificates
- Create a new Auth type Intermedia Certificate (No need for TLS)
- Go to the user and delete its certificate
- Try again,(client software should ask password once)
Hello,
I did what you said, delete all inter auth certificates and created new, also deleted all user cert… but I am i client logs seeing this error like it can not download cert…and logs from server you send me to look on is not giving much
I have fixed something about, multiple certificate problem. It should work after this fix as I tested.
If this is a test environment, please try a new fresh one.
other wise
please type on ferrumgate server
docker push ferrumgate/rest.portal:2.1.0
docker push ferrumgate/ui.portal:2.1.0
docker pull ferrumgate/job.task:2.1.0
docker pull ferrumgate/job.log:2.1.0
docker pull ferrumgate/job.admin:2.1.0
ferrumgate --restart
this should fix
Hi,
I reinstalled 2.1.0 server and new agent… I user default administrator user to test now cert login (i didnt change any PKI or user cert)… it is still giving me in client logs 401 error on cert login
It said downloading certificate on first login, but on second gave this error and redirect to web login
