Seam 2.1.1 GA and Client Certificate

agusmag.agusmag.dimi.uniud.it Feb 11, 2009 12:54 PM

Hi, I'm trying to implement two different authentication methods in a simple web application developed with JBoss 4.2.3.GA and Seam 2.1.1.GA One method uses the standard form based login (redirect to a login.seam page) while the other one uses the data contained in the client certificate (and the user is redirected to crslogin.seam to automate the login). In both case I'would like to leverage Seam Seam security to avoid plain J2EE security.

For the client certificate, I'm not able to read the X509 attribute from the HTTPServletRequest, even if I disable the web:identity-filter (according to
https://jira.jboss.org/jira/browse/JBSEAM-3629).

Do you think it is possible to use Seam security and, at the same time intercept the data contained in the client certificate?

At the moment, I've successfully made the mutual authentication work, but I failed in reading the certificate.

Do you have some links to relevant doucmentation or an alternate solution?

Thanks, Agus.

1. Re: Seam 2.1.1 GA and Client Certificate

qbit42 Jul 1, 2009 3:09 PM (in response to agusmag.agusmag.dimi.uniud.it)

I'm having exactly the same problem. I try to accomplish two different login types, one with the basic login form and one over a client certificate.

Does nobody has a clue how to combine client certificates with seam security?
Actions
2. Re: Seam 2.1.1 GA and Client Certificate

ctomc Jul 1, 2009 5:08 PM (in response to agusmag.agusmag.dimi.uniud.it)

Hi,

I have a working app that has two different login types (online bank) and it works without problems!

The biggest problem was not the seam itself but apache infront of jboss that had to send certificate properly!

What kind of setup do you run you application exactly? where is ssl terminated? Jboss? apache? proxy?
Actions

Go to original post