Hi there Nan,

I don't think that the authentication mechanism can use the SSL credentials for user authentication. Mutual SSL authentication just makes sure that the client and server trust one another. So you can say that you trust the client, but you cannot limit what he is authorized to do. In order for you to add user authorization, you will have to follow the steps that Jens sent on how to implement authentication.

--Udo

On Wed, Jan 17, 2018 at 12:01 PM, Xu, Nan <[email protected]> wrote:

> Here is what I am trying to do.
>
> The client to Geode is already set up with 2-way authentication at SSL, so a
> secured transport has already been built.
>
> At the application layer, instead of using username and password, can I reuse
> the SSL authentication to authenticate the user? Or is this totally wrong?
>
> Thanks,
>
> Nan
>
> *From:* Jinmei Liao [mailto:[email protected]]
> *Sent:* Wednesday, January 17, 2018 12:38 PM
> *To:* [email protected]
> *Subject:* Re: geode authentication
>
> Are you talking about SSL on the TCP layer, or the application layer
> authentication? AuthInitialize produces a Property object and
> SecurityManager authenticates with a Property object. Theoretically, it
> should take whatever you put in the property object.
>
> On Wed, Jan 17, 2018 at 10:09 AM, Xu, Nan <[email protected]> wrote:
>
> Yes, I do, but it is still unclear to me how a certificate can be used.
>
> I implement the AuthInitialize interface, but this only takes username and
> password; how do I get a TLS context?
>
> Thanks,
>
> Nan
>
> *From:* Jens Deppe [mailto:[email protected]]
> *Sent:* Wednesday, January 17, 2018 11:34 AM
> *To:* [email protected]
> *Subject:* Re: geode authentication
>
> Hi Nan,
>
> Have you looked at this bit of documentation
> https://gemfire.docs.pivotal.io/geode/managing/security/implementing_authentication.html
> ?
>
> --Jens
>
> On Wed, Jan 17, 2018 at 9:29 AM, Xu, Nan <[email protected]> wrote:
>
> Not sure how Geode can authenticate a user using a certificate + private
> key; I don't see an API/callback at the server side to get the client principal.
> Can someone point it out to me?
>
> Thanks,
> Nan
>
> ----------------------------------------------------------------------
> This message, and any attachments, is for the intended recipient(s) only,
> may contain information that is privileged, confidential and/or proprietary
> and subject to important terms and conditions available at
> http://www.bankofamerica.com/emaildisclaimer. If you are not the
> intended recipient, please delete this message.
>
> --
>
> Cheers
>
> Jinmei
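
The AuthInitialize-to-SecurityManager handoff discussed in this thread, as an added example that is not part of any message above or of the Geode code base: the client callback fills a Properties object, and the server callback authenticates from that object alone and then restricts what the resulting principal may do. The class names, the `GEODE_USER`/`GEODE_PASSWORD` variable names and the one-entry account table are hypothetical, and the Geode jar is assumed to be on the classpath.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Collections;
import java.util.Map;
import java.util.Properties;
import org.apache.geode.LogWriter;
import org.apache.geode.distributed.DistributedMember;
import org.apache.geode.security.AuthInitialize;
import org.apache.geode.security.AuthenticationFailedException;
import org.apache.geode.security.ResourcePermission;
import org.apache.geode.security.SecurityManager; // explicit import: shadows java.lang.SecurityManager
public class GeodeAuthExample { // hypothetical holder class
  // Client side (security-client-auth-init): builds the Properties sent to the server.
  public static class EnvAuthInit implements AuthInitialize {
    public void init(LogWriter systemLogger, LogWriter securityLogger) {}
    public void close() {}
    @Override
    public Properties getCredentials(Properties securityProps, DistributedMember server, boolean isPeer) {
      String user = System.getenv("GEODE_USER"); // assumed variable names
      String password = System.getenv("GEODE_PASSWORD");
      if (user == null || password == null) throw new AuthenticationFailedException("credentials not set");
      Properties creds = new Properties();
      creds.setProperty("security-username", user);
      creds.setProperty("security-password", password);
      return creds;
    }
  }
  // Server side (security-manager): sees only those Properties, not the TLS peer certificate.
  public static class TableSecurityManager implements SecurityManager {
    // Constructed sample account; store salted hashes rather than plaintext in practice.
    private static final Map<String, String> USERS = Collections.singletonMap("reader", "constructed-pw-1");
    @Override
    public Object authenticate(Properties credentials) throws AuthenticationFailedException {
      String user = credentials.getProperty("security-username", "");
      String given = credentials.getProperty("security-password", "");
      String expected = USERS.get(user);
      // Constant-time comparison avoids leaking how many leading bytes matched.
      if (expected == null || !MessageDigest.isEqual(
          expected.getBytes(StandardCharsets.UTF_8), given.getBytes(StandardCharsets.UTF_8))) {
        throw new AuthenticationFailedException("invalid credentials");
      }
      return user; // the principal later passed to authorize()
    }
    @Override
    public boolean authorize(Object principal, ResourcePermission permission) {
      if (permission.getResource() != ResourcePermission.Resource.DATA) return false; // no cluster ops
      return "reader".equals(principal) && permission.getOperation() == ResourcePermission.Operation.READ;
    }
  }
}
```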
