All;
I am not a developer so don't fully understand all of the configuration
points of apps and Tomcat. I am trying to understand the authN/authZ flow
for candlepin. I don't understand why I am prompted for a username and
password when accessing http[s]://<server>:<port>/candlepin/<something>.
The only places I know to look are web.xml and candlepin.conf. The web.xml
only specifies CLIENT-CERT authentication but Tomcat is configured only for
"clientAuth=want" which shouldn't be mandatory. candlepin.conf has:
candlepin.auth.basic.enable = false
candlepin.auth.trusted.enable = false
candlepin.enable_cert_v3=true
candlepin.auth.oauth.enable = true
This seems to show that basic (username/password) authentication is
disabled. I'm assuming that a specification of some other form (cert) of
authentication must fall back to basic if it fails. Where is that
configured and where do the users and roles come from?
Thanks,
-LJK