View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0010198 | CTT UA Scripts | 1 - Script Issue | public | 2025-03-06 16:50 | 2025-05-02 18:31 |
| Reporter | Alexander Allmendinger | Assigned To | Sebastian Allmendinger | ||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | assigned | Resolution | open | ||
| Summary | 0010198: buildUserNameIdentityToken - error encrypting the password! | ||||
| Description | The CTT changes the g.ServerCapabilities.ServerCertificate on different occasions. There appears to be something wrong in some cases which results in a BadInvalidArgument of the UaCryptoProvider when trying to encrypt the password and then sends a null password instead. | ||||
| Additional Information | This can be reproduced with the Milo SDK. | ||||
| Tags | No tags attached. | ||||
| Files Affected | |||||
|
|
Based on notes - this appears to be an issue when security policy is None, but in the security group there are discussion about if for security policy none anything but Anonymous should be allow. I think before we fix this issue we should first sort out what is actually allowed for security Policy None |
|
|
When the security working decides on a specific limits for the UserTokens when using SecurityPolicy None we really should be adding specific testing to test for those requirements. With those special tests for the requirements there wouldn't be a need to delay this change until the is decided. I would suggest to resolve the mantis and allow the CTT to handle the current situation. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2025-03-06 16:50 | Alexander Allmendinger | New Issue | |
| 2025-04-10 15:28 | Paul Hunkar | Assigned To | => Sebastian Allmendinger |
| 2025-04-10 15:28 | Paul Hunkar | Status | new => assigned |
| 2025-05-02 16:01 | Paul Hunkar | Note Added: 0022700 | |
| 2025-05-02 18:31 | Alexander Allmendinger | Note Added: 0022702 |
