Shouldn't STS delegate certificate authentication to the underlying JAAS system ?
On Mon, Mar 4, 2013 at 12:06 PM, Christian Schneider < ch...@die-schneider.net> wrote: > I am currently working on a authentication setup where a client > authenticates against a STS (Security Token Service) using certificate > based authentication. > > In this case the STS already authenticates the user in the ws-security > layer. > I want to add functionality to the CXF STS to fetch the user roles using > JAAS. So I need JAAS login modules for properties and ldap that do not do > authentication and instead only fetch the roles. > > Does it make sense to add this to the karaf jaas modules? > > I can think of either providing separate classes for this case or > introduce a switch to turn off the authentication part. > > Christian > > -- > Christian Schneider > http://www.liquid-reality.de > > Open Source Architect > http://www.talend.com > > -- ------------------------ Guillaume Nodet ------------------------ Red Hat, Open Source Integration Email: gno...@redhat.com Web: http://fusesource.com Blog: http://gnodet.blogspot.com/
