Odg: Certificate based authorization - CN authorization in jmx

2020-05-29 Thread Mario Kevo 
Hi all,

Kindly reminder on this question.
Thanks in an advance!

BR,
Mario

Å alje: Mario Kevo 
Poslano: 22. svibnja 2020. 13:56
Prima: dev@geode.apache.org 
Predmet: Certificate based authorization - CN authorization in jmx

Hi geode-dev,

We are working on implementing a new feature regarding to this 
RFC<https://cwiki.apache.org/confluence/display/GEODE/Certificate+Based+Authorization>.

The main idea is to combine the TLS and access control features, but to use the 
certificate subject common name for access control authentication/authorization 
instead of user credentials.
We need to get client certificate on the server side to extract common name 
from it. The problem is that gfsh client connects towards to jmx using RMI TCP 
connections. We have tried many things to get client certificate from 
established RMI Connection but unfortunately without success.

Did anyone have the similar problem and able to extract certificate from RMI 
Connection after TLS handshake has been completed?

BR,
Mario

Certificate based authorization - CN authorization in jmx

2020-05-22 Thread Mario Kevo 
Hi geode-dev,

We are working on implementing a new feature regarding to this 
RFC.

The main idea is to combine the TLS and access control features, but to use the 
certificate subject common name for access control authentication/authorization 
instead of user credentials.
We need to get client certificate on the server side to extract common name 
from it. The problem is that gfsh client connects towards to jmx using RMI TCP 
connections. We have tried many things to get client certificate from 
established RMI Connection but unfortunately without success.

Did anyone have the similar problem and able to extract certificate from RMI 
Connection after TLS handshake has been completed?

BR,
Mario