After changing the cert in the ELB we were able to achieve the mutual auth between ELB and AS. But the requirement was to get the auth working between ESB and the AS (bypassing the ELb). For this, the ideal solution would be SSL Tunneling. So I'll investigate on that topic and see what we can do.
Thanks. On Mon, May 12, 2014 at 8:17 PM, Amila Maha Arachchi <ami...@wso2.com>wrote: > Hi Nalin, > > Good. We need to do one more thing. That is, to change the certificate of > the ELB and then see what needs to be done to get mutual auth working. > > > On Mon, May 12, 2014 at 6:12 PM, Nalin Chandraratne <na...@wso2.com>wrote: > >> Hi Shariq, >> >> Seems like the experiment is successful. >> >> I put the mutualAuthenticator jar to the AS and invoked an admin service >> of AS, fronted by ELB, from a proxy service of ESB. >> >> I set the soap header as following in the request. >> >> <inSequence> >> <header> >> <m:UserName xmlns:m="http://mutualssl.carbon.wso2.org >> ">admin</m:UserName> >> </header> >> <send> >> <endpoint> >> <address uri=" >> https://localhost:8245/services/ServiceAdmin"/> >> </endpoint> >> </send> >> </inSequence> >> >> By doing the above, I was able to successfully invoke the admin service. >> Further, I remote debugged the MutualSSLAuthenticator class as you >> mentioned and verified that isAuthenticated() method returns true. >> >> Thanks. >> >> >> >> On Fri, May 9, 2014 at 6:00 PM, Nalin Chandraratne <na...@wso2.com>wrote: >> >>> Hi Amila, >>> >>> I'm still in the process of doing the $subject. As per the discussion >>> had with Shariq, even though we enabled the ClientAuth=true in AS, it >>> doesn't do what we expect. It uses a Rampart Authenticator and what we want >>> is the MutualSSLAuthenticator class to get used. So we have changed the >>> experiment. >>> >>> Now what we are trying to do is, invoke an admin service in the AS from >>> an ESB service. Because as shariq mentioned, this call should invoke the >>> above mentioned MutualSSLAuthenticator class. Only after setting this >>> environment properly, I can proceed with the ELB experiment. >>> >>> Thanks. >>> >>> -- >>> Nalin Chamara >>> Software Engineer >>> 071-56-147-56 >>> >> >> >> >> -- >> Nalin Chamara >> Software Engineer >> 071-56-147-56 >> > > > > -- > *Amila Maharachchi* > Senior Technical Lead > WSO2, Inc.; http://wso2.com > > Blog: http://maharachchi.blogspot.com > Mobile: +94719371446 > > -- Nalin Chamara Software Engineer 071-56-147-56
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
