Lukasz, Pax-Web should work with Certificates already, it just needs a proper combination of the authentication which should be done by Pax-Web and the authorization which should be done by the JAAS part of Karaf.
regards, Achim 2013/2/20 Łukasz Dywicki <[email protected]> > I think you may get this with chaining JAAS login modules in login context > configuration, however we don't ship certificate login module yet. > > Which certificate login module do you use now? > > Lukasz > > Wiadomość napisana przez Achim Nierbeck <[email protected]> w dniu > 20 lut 2013, o godz. 11:20: > > Hi Lars, > > I'm sure it's possible. Do you have a working "simple" Application that > already works on a std. jetty? > If so, try to port those things needed to karaf. > Karaf supports JAAS so if you are able to get your JAAS configuration > working I'm sure it's a easy move over. > > To my understanding the user attached to the certificate needs to be know > in the jaas part. > Since the authentication is done via certificate the JAAS part is only > needed for the authorization. > > Regards, Achim > > > 2013/2/19 helander <[email protected]> > >> Hi, >> I am connecting to a web application in Karaf using https and a client >> certificate and it works fine. >> Now I want to associate the authenticated client with a set of roles >> defined >> in a JAAS login module, e.g. in user.properties or via LDAP. Is this >> possible? How to set it up? What "user" name could be used, e.g. what part >> of the client certificate would the user identity be selected from? >> >> Any help is highly appreciated. >> >> Thanks >> >> Lars >> >> >> >> -- >> View this message in context: >> http://karaf.922171.n3.nabble.com/Https-2-way-authentication-and-JAAS-tp4027804.html >> Sent from the Karaf - User mailing list archive at Nabble.com. >> > > > > -- > > Apache Karaf <http://karaf.apache.org/> Committer & PMC > OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer & > Project Lead > OPS4J Pax for Vaadin <http://team.ops4j.org/wiki/display/PAXVAADIN/Home> > Commiter & Project Lead > blog <http://notizblog.nierbeck.de/> > > > -- Apache Karaf <http://karaf.apache.org/> Committer & PMC OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer & Project Lead OPS4J Pax for Vaadin <http://team.ops4j.org/wiki/display/PAXVAADIN/Home> Commiter & Project Lead blog <http://notizblog.nierbeck.de/>
