On 04.03.2013 12:11, Guillaume Nodet wrote:
> Shouldn't STS delegate certificate authentication to the underlying JAAS
> system?

I also thought about this, but at the moment STS uses policies to define
the auth method. So ws-security automatically kicks in. Of course we
could use a custom validator that delegates to JAAS. In this case we
would have to define a way to forward all credentials to JAAS (like
Certificate and Signature).

Independent of this possibility, what do you think about making the
authentication part switchable? I think this could help for other cases
too where e.g. you want to authenticate using LDAP but have roles in a
DB or similar.

Christian
--
Christian Schneider
http://www.liquid-reality.de
Open Source Architect
http://www.talend.com