Further, we need to maintain trust stores on a tenant basis. There can be a case - Tenant-A trusts Service-A and needs to add Service-A's cert to the trust store - currently this is not possible - since we do not have the concept of tenant-based trust stores.

Thanks & regards,
-Prabath

On Fri, Feb 25, 2011 at 1:11 AM, Prabath Siriwardana <prab...@wso2.com> wrote:

> Currently - the JGSS API reads these configuration files as system
> properties. So we would be able to set up a single KDC. We need to invest
> some time on this to find out ways of doing this without system
> properties.
>
> The same issue exists when a tenant - for example - wants to talk to an
> external service secured with Mutual Authentication. Here we are setting a
> system property for the key store - and if the external service allows
> access to a tenant - that means it should allow access to Stratos - in
> other words, to all the tenants.
>
> The same applies if someone wants to secure a service with mutual auth. I
> guess this is not possible currently per tenant.
>
> I have looked into the mutual auth issue - and it is possible to get rid of
> the key store system property. We will work on these to get multitenant
> ready.
>
> Thanks & regards,
> -Prabath
>
> On Fri, Feb 25, 2011 at 12:16 AM, Afkham Azeez <az...@wso2.com> wrote:
>
>> So, my usual question, how does this work in a multitenant environment?
>> How are you going to provide tenant-specific conf files?
>>
>> Azeez
>>
>> On Thu, Feb 24, 2011 at 11:36 PM, Amila Jayasekara <ami...@wso2.com> wrote:
>>
>>> Hi All,
>>> As some of you may know, there is a Kerberos KDC server with the latest IS
>>> build. In order to complete the use case we added a Kerberos-based
>>> security scenario to the security-mgt component. Now there is a security
>>> scenario 16. See the screenshot for more details. Now users can easily
>>> secure services using the Kerberos security policy by selecting scenario
>>> 16.
>>> But this change is not yet in trunk as the Kerberos-related Rampart
>>> changes are not yet in trunk (currently I am doing changes in the 3.0.1
>>> support branch). But hopefully by next week we will be adding these
>>> changes to the trunk.
>>>
>>> Please review the attached screenshot and let me know if any of the
>>> text needs to be changed.
>>>
>>> Also, we need to add two more config files to support scenario 16.
>>> They are krb5.conf (contains parameters related to requesting a ticket)
>>> and jaas.conf (authorization properties).
>>> I am planning to add the above-mentioned files to ESB's conf directory.
>>> Please let me know if you have any concerns.
>>>
>>> Also, I have a sample which demonstrates the use of the KDC in IS and the
>>> usage of scenario 16 in ESB. Since this sample is related to 2 products, I
>>> am not sure where I should place the sample. It would be great if you
>>> could give feedback on where to place the sample program (in IS or ESB?).
>>>
>>> Thanks
>>> AmilaJ
>>
>> --
>> Afkham Azeez
>> Senior Software Architect & Senior Manager; WSO2, Inc.; http://wso2.com
>> Member; Apache Software Foundation; http://www.apache.org/
>> email: az...@wso2.com
>> blog: http://blog.afkham.org
>> twitter: http://twitter.com/afkham_azeez
>> linked-in: http://lk.linkedin.com/in/afkhamazeez
>> Lean . Enterprise . Middleware

--
Thanks & Regards,
Prabath

http://blog.facilelogin.com
http://RampartFAQ.com
_______________________________________________
Carbon-dev mailing list
Carbon-dev@wso2.org
http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
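
The mutual-authentication point raised in this thread, as an added example (not code from the thread or from WSO2 Carbon): each tenant gets its own `SSLContext` built from its own key store and trust store, so nothing is read from or written to the JVM-wide `javax.net.ssl.*` system properties. The class name, directory layout, tenant ids and password are assumptions made for the illustration.

```java
import java.io.*;
import java.nio.file.*;
import java.security.KeyStore;
import javax.net.ssl.*;

public class TenantTlsContexts {
    // Assumed layout: <baseDir>/<tenant>/keystore.p12 and truststore.p12
    private final Path baseDir;

    public TenantTlsContexts(Path baseDir) { this.baseDir = baseDir; }

    static KeyStore load(Path file, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(file)) { ks.load(in, password); }
        return ks;
    }

    // Builds the context from the tenant's own stores; no javax.net.ssl.* system property is used.
    public SSLContext contextFor(String tenant, char[] password) throws Exception {
        // Reject ids that could escape the tenant directory (path traversal).
        if (!tenant.matches("[A-Za-z0-9_-]+")) throw new IllegalArgumentException("bad tenant id");
        Path dir = baseDir.resolve(tenant);
        // Client certificate and private key presented by this tenant only.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(dir.resolve("keystore.p12"), password), password);
        // Peers trusted by this tenant only (e.g. Service-A's cert for Tenant-A).
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(dir.resolve("truststore.p12"), password));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: empty PKCS12 stores for two made-up tenants
        // (an empty trust store trusts no peer until a cert is added to it).
        Path base = Files.createTempDirectory("tenants");
        char[] pw = "changeit".toCharArray();
        for (String t : new String[] {"tenant-a", "tenant-b"}) {
            Path dir = Files.createDirectories(base.resolve(t));
            for (String f : new String[] {"keystore.p12", "truststore.p12"}) {
                KeyStore empty = KeyStore.getInstance("PKCS12");
                empty.load(null, null);
                try (OutputStream out = Files.newOutputStream(dir.resolve(f))) { empty.store(out, pw); }
            }
        }
        TenantTlsContexts contexts = new TenantTlsContexts(base);
        SSLContext a = contexts.contextFor("tenant-a", pw);
        SSLContext b = contexts.contextFor("tenant-b", pw);
        System.out.println("separate contexts: " + (a != b));
    }
}
```

A client acting for a tenant would take its socket factory from `contextFor(...).getSocketFactory()`, so access granted by an external service to one tenant's certificate does not extend to the other tenants in the same JVM.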