Hello there.

I wonder what happened to my topic that I posted yesterday (25.)!?!
But that is not the major problem I am struggling with. Over the past few days I have made several 
desperate efforts to use mutual authentication via certificates.

The SSL handshake works so far - no problem here. But I need to use the content of the 
client certificate which is sent to the server for more specific authorization with 
role-based information from property files (UsersRolesLoginModule).

Here are some snippets of the current project:

- the connector in the jboss-service.xml of the built-in Tomcat:

  | <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
  |            address="${jboss.bind.address}" port="8443" scheme="https"
  |            secure="true">
  |   <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
  |            keystoreFile=".../server.ks"
  |            keystorePass="keystorepass"
  |            clientAuth="true"
  |            protocol="TLS"/>
  | </Connector>
  | 
As you see the attribute "clientAuth" is set to "true".

- the application's deployment descriptor (web.xml):

  |     <user-data-constraint>
  |       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  |     </user-data-constraint>
  |   </security-constraint> 
  | 
  |   <login-config>
  |     <auth-method>CLIENT-CERT</auth-method>
  |     <realm-name>Default</realm-name>
  |   </login-config>
  | 
The web module itself should use client-certificate-based authentication for the 
resources specified in the security-constraint element.

I use the UsersRolesLoginModule which is declared in conf/login-config.xml. And I 
suppose that the problem starts right there. 
What I am trying to do is to use client certificates combined with security roles. Therefore I 
specify usernames and the associated roles within users.properties and 
roles.properties, respectively. But I am not sure how to name the users.

  -> My first try was to use the "common name" of the certificate (e.g. "client1").

  -> Secondly I tried the complete "distinguished name"
     (e.g. "cn\=client1,ou\=org_unit,o\=org,l\=city,st\=state,c\=de")

As you can easily guess neither the first nor the second attempt was successful.
Maybe the UsersRolesLoginModule is not capable of extracting data from the 
certificate. What about the database login module if property files cannot be used?

The internet does not seem to have an answer for this problem. ;o( So please help...

A huge THX in advance
Matthias Falkenberg aka skyfalke.

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3836167#3836167

Reply to the post : 
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3836167
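As an added example that is not part of the original post, the small Java program below reads a client certificate and prints its subject name in the string forms a Java container may hand to a login module, together with that string escaped as a users.properties key, so the key in the file can be compared byte for byte with what the container derives. The file name, and the assumption that the subject DN of the first chain certificate becomes the user name, are mine and not taken from the JBoss sources.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.security.auth.x500.X500Principal;

/**
 * Prints the subject-name strings that can be derived from a client
 * certificate, so each can be compared byte for byte with the key
 * written in users.properties. Assumption (not verified here): the
 * container passes the subject DN of the first chain certificate to
 * the login module as the user name.
 */
public class ClientCertNames {

    /** Loads a DER- or PEM-encoded X.509 certificate from disk. */
    static X509Certificate load(String path) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            return (X509Certificate) cf.generateCertificate(in);
        }
    }

    /** Escapes a name so it is valid on the left of '=' in a .properties line. */
    static String propertiesKey(String name) {
        return name.replace("\\", "\\\\")   // backslash must be escaped first
                   .replace("=", "\\=")
                   .replace(":", "\\:")
                   .replace(" ", "\\ ");
    }

    public static void main(String[] args) throws Exception {
        // Placeholder path: export the client certificate with
        // "keytool -export -rfc" (or use the DER file) and pass it in.
        X509Certificate cert = load(args.length > 0 ? args[0] : "client1.crt");
        X500Principal subject = cert.getSubjectX500Principal();
        String legacy = cert.getSubjectDN().getName();

        // 1. getSubjectDN() form; its exact spacing/case is provider dependent
        System.out.println("getSubjectDN().getName(): " + legacy);
        // 2. RFC 2253 form, e.g. "CN=client1,OU=org_unit,O=org,L=city,ST=state,C=de"
        System.out.println("RFC2253:   " + subject.getName(X500Principal.RFC2253));
        // 3. Canonical form: attribute types lower-cased, values normalised
        System.out.println("CANONICAL: " + subject.getName(X500Principal.CANONICAL));

        // Left-hand side of the users.properties line for form 1; what goes on
        // the right-hand side depends on the credential the container supplies.
        System.out.println("users.properties key: " + propertiesKey(legacy) + "=...");
    }
}
```

Run it against the certificate of the user that fails to log in and compare each printed form, including the escaping, with the key actually present in users.properties; a mismatch in case, spacing or escaping between the two is enough for the lookup to fail.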

_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user