3 Replies Latest reply on May 10, 2003 2:47 AM by medthomas

    CLIENT-CERT Authentication Config

    medthomas

      Hi,

      I am trying to configure JBoss 3.2.0 to support client authentication.

      I have a test .ear that I have successfully configured to run BASIC authentication over an SSL connection. My goal is to re-configure this to use CLIENT-CERT authentication (over SSL).

      A Google search led me to a patch to enable support for this within JBoss that was developed back in Feb this year. Having looked at SourceForge it appears, if I have understood CVS correctly, that this patch was incorporated in JBoss 3.2.0.

      Can anybody tell me how to configure this authentication mechanism and/or point me in the direction of the relevant documentation. I have looked at the JBoss docs available on-line but the latest version covered is 3.0.7.

      Thanks in anticipation for any help.

      Mark

        • 1. Re: CLIENT-CERT Authentication Config
          bartvh

          From looking at the source release, an updated version of the patch (you are talking about the 'jetty' patch, aren't you?) has been applied in 3.2.0.

          However, I have my questions about the behaviour. I have a simple servlet that just prints out the getCallerPrincipal() and getRemoteUser(). The result to me is not very useable, because you simply get a string representation with the serial number of the certificate, and the DN of the CA that issued the certificate.

          It would be nice if I could at least write a LoginModule where I can get the certificate objects. I tried to create one but I fail to see how I could get a hold of these objects.

          • 2. Re: CLIENT-CERT Authentication Config
            didi1976

            Hi,

            here is a simple skeleton of a Login Module which you could use.

            The Credential contains the CertificateChain.

            Just put your checks within the login method and return the roles for the user in the getRoleSet method.

            I have tested it with 3.2.0 + Tomcat 4.1.24, but I did some modifications on JBossSecurityMgrRealm.java to get it working. These modifications are already committed to 3.2.1, but I did not have time to check that until now.

            Didi
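            The skeleton Didi refers to is not reproduced on this page, and bartvh's question above was how a LoginModule gets hold of the certificate objects at all. The class below is an added example in the shape the post describes, written for this page; it is not Didi's attachment and not JBoss's own code. It assumes JBoss 3.2.x's org.jboss.security.auth.spi.AbstractServerLoginModule base class (which names the role hook getRoleSets(), the method the post calls getRoleSet) and that the security manager realm delivers the web tier's credential to the module through org.jboss.security.auth.callback.ObjectCallback, with the credential being the presented X509Certificate chain, as the post states. The TRUSTED_ISSUER value, the OU=Admins role mapping and the class name are invented for illustration.

```java
import java.security.Principal;
import java.security.acl.Group;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.login.LoginException;

import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.callback.ObjectCallback;
import org.jboss.security.auth.spi.AbstractServerLoginModule;

/**
 * Added example (hypothetical class, not JBoss code): a CLIENT-CERT LoginModule
 * for JBoss 3.2.x. The SSL connector has already verified the client chain
 * against its truststore before the request reaches the security manager; this
 * module only decides which identity the verified certificate maps to and which
 * roles that identity gets.
 */
public class ClientCertLoginModule extends AbstractServerLoginModule {
    /** Issuer DN we accept certificates from (hypothetical value). */
    private static final String TRUSTED_ISSUER = "CN=Example Client CA,O=Example,C=GB";

    private Principal identity;
    private String subjectDn;

    public boolean login() throws LoginException {
        // Honour useFirstPass / stacked modules exactly as the base class does.
        if (super.login())
            return true;

        // Assumption: the realm hands the credential over via ObjectCallback;
        // for CLIENT-CERT that credential is the X509Certificate chain.
        NameCallback nc = new NameCallback("User name: ", "guest");
        ObjectCallback oc = new ObjectCallback("Credential: ");
        try {
            callbackHandler.handle(new Callback[] { nc, oc });
        } catch (Exception e) {
            throw new LoginException("Callback failed: " + e.getMessage());
        }

        X509Certificate[] chain = toChain(oc.getCredential());
        if (chain == null || chain.length == 0)
            throw new LoginException("No client certificate chain in credential");
        X509Certificate leaf = chain[0];

        // Policy checks that belong here rather than in the container: the
        // validity window and the issuer we are prepared to map identities from.
        try {
            leaf.checkValidity();
        } catch (CertificateException e) {
            throw new LoginException("Client certificate not currently valid: " + e.getMessage());
        }
        // DN string forms are not canonical; a string compare is a simplification.
        if (!TRUSTED_ISSUER.equals(leaf.getIssuerDN().getName()))
            throw new LoginException("Certificate issuer not accepted: " + leaf.getIssuerDN());

        subjectDn = leaf.getSubjectDN().getName();
        String cn = rdnValue(subjectDn, "CN");
        if (cn == null)
            throw new LoginException("Subject DN carries no CN: " + subjectDn);

        // Use the CN as the principal name so getRemoteUser() returns something
        // usable instead of the certificate serial plus issuer DN.
        identity = new SimplePrincipal(cn);
        loginOk = true;   // commit() only populates the Subject when this is set
        return true;
    }

    protected Principal getIdentity() {
        return identity;
    }

    protected Group[] getRoleSets() throws LoginException {
        // "Roles" is the group name JBoss's authorization layer looks for.
        SimpleGroup roles = new SimpleGroup("Roles");
        roles.addMember(new SimplePrincipal("ClientCertUser"));
        // Hypothetical mapping: certificates issued with OU=Admins get Admin.
        if ("Admins".equals(rdnValue(subjectDn, "OU")))
            roles.addMember(new SimplePrincipal("Admin"));
        return new Group[] { roles };
    }

    /** Accept either the whole chain or a single certificate as the credential. */
    private static X509Certificate[] toChain(Object credential) {
        if (credential instanceof X509Certificate[])
            return (X509Certificate[]) credential;
        if (credential instanceof X509Certificate)
            return new X509Certificate[] { (X509Certificate) credential };
        return null;
    }

    /** Naive RDN lookup on the DN string form; fine for DNs without escaped commas. */
    private static String rdnValue(String dn, String type) {
        if (dn == null) return null;
        String[] parts = dn.split(",");
        for (int i = 0; i < parts.length; i++) {
            String p = parts[i].trim();
            if (p.regionMatches(true, 0, type + "=", 0, type.length() + 1))
                return p.substring(type.length() + 1).trim();
        }
        return null;
    }
}
```

            To use it, register the class under an application-policy in login-config.xml, reference that policy from the <security-domain> element of the .ear's jboss-web.xml, and set <auth-method>CLIENT-CERT</auth-method> in web.xml. The module does not validate the chain itself; it relies on the HTTPS connector being configured with clientAuth enabled so that only a chain the connector has verified against its truststore ever reaches login(). If the connector merely requests rather than requires a certificate, the credential arrives empty and the module rejects the login, which is the intended failure mode.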

            • 3. Re: CLIENT-CERT Authentication Config
              medthomas

              Didi,

              Thanks for your help. I have upgraded to 3.2.1 with tomcat 4.1.24 and have managed to get it working although not quite in the way I expected (request.getRemoteUser() returns cert serial + issuer DN). I am not sure that this is standard behaviour. I am planning to have a look at this and your login module this weekend.

              Mark