[ https://issues.apache.org/jira/browse/KNOX-1046?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16176791#comment-16176791 ]
ASF subversion and git services commented on KNOX-1046: ------------------------------------------------------- Commit 5432c872271e42d1ba8981e5f5de2059d5509ba2 in knox's branch refs/heads/master from [~lmccay] [ https://git-wip-us.apache.org/repos/asf?p=knox.git;h=5432c87 ] KNOX-1046 - Add Client Cert Wanted Capability with Configurable Validation that Checks for It > Add Client Cert Wanted Capability with Configurable Validation that Checks > for It > --------------------------------------------------------------------------------- > > Key: KNOX-1046 > URL: https://issues.apache.org/jira/browse/KNOX-1046 > Project: Apache Knox > Issue Type: Bug > Components: Server > Reporter: Larry McCay > Assignee: Larry McCay > Fix For: 0.14.0 > > > While we do have support for requiring CLIENT_CERT it ends up requiring it > for all clients to all services across all topologies. We can add support for > WANTS client cert that will accept it from any client that provides it but > not require it. > We can then add a custom validator for HeaderPreAuth and maybe to combine > with other federation providers to extend our trust model with authentication > of a trusted proxy/app. > It will require a gateway-site.xml config element for 'wants' and a validator > to check for it where required while it not gate requests for endpoints that > don't require it. -- This message was sent by Atlassian JIRA (v6.4.14#64029)