Larry McCay created KNOX-1046:
---------------------------------
Summary: Add Client Cert Wanted Capability with Configurable
Validation that Checks for It
Key: KNOX-1046
URL: https://issues.apache.org/jira/browse/KNOX-1046
Project: Apache Knox
Issue Type: Bug
Components: Server
Reporter: Larry McCay
Assignee: Larry McCay
Fix For: 0.14.0
While we do have support for requiring CLIENT_CERT it ends up requiring it for
all clients to all services across all topologies. We can add support for WANTS
client cert that will accept it from any client that provides it but not
require it.
We can then add a custom validator for HeaderPreAuth and maybe to combine with
other federation providers to extend our trust model with authentication of a
trusted proxy/app.
It will require a gateway-site.xml config element for 'wants' and a validator
to check for it where required while it not gate requests for endpoints that
don't require it.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
