[jboss-user] [Security & JAAS/JBoss] - Re: CLIENT-CERT configuration
Hello, I have read the three pages (the first two I have already read before), but they didn't bring any help. I added | | | | to log4j.xml but still I don't see any logging. Also, I noticed that when I invoke my servlet through https I get "HTTP Status 401 - Cannot authenticate with the provided credentials", and when I invoke it through http I get "HTTP Status 400 - No client certificate chain in this request". I'm still not sure what certificates should be where - files, that is. I assume that server.keystore should contain both server and authorized clients certificates? And that file should be in /serfer/all/conf? -- Cheers, Adam View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3959298#3959298 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3959298 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [Security & JAAS/JBoss] - Re: CLIENT-CERT configuration
Adam, see http://wiki.jboss.org/wiki/Wiki.jsp?page=BaseCertLoginModule , http://wiki.jboss.org/wiki/Wiki.jsp?page=JBossSX , and http://wiki.jboss.org/wiki/Wiki.jsp?page=Logging. cgriffith View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3958959#3958959 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3958959 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [Security & JAAS/JBoss] - Re: CLIENT-CERT configuration
Hello, thanks for the link, that clarified a little. Now I'm wondering - where do I put the certificates (server ones - server.keystore file)? Do I bundle them with the web application or put it in the conf directory (I tried both, with the same effect). I'm not sure also what does "The localhost.keystore would need this cert stored with an alias of CN=unit-tests-client, OU=JBoss Inc., O=JBoss Inc., ST=Washington, C=US and the jmx-console-roles.properties would also need an entry for the same entry." mean - from the manual - should I import the client certifiacte to server.keystore? Finally, how do you enable trace logging of JBoss Security? I tried adding to log4j.xml: | | | | but that didn't help :) Thanks, Adam View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3958955#3958955 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3958955 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [Security & JAAS/JBoss] - Re: CLIENT-CERT configuration
Adam, First off, see my comments at http://www.jboss.com/index.html?module=bb&op=viewtopic&t=86289. SSL vs. CLIENT-CERT authentication are two separate issues. That said, we would need to see some trace logging of JBoss security at the point when a user attempts to access secured resource to see what is going on. cgriffith View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3958950#3958950 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3958950 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user