1 Reply Latest reply on Oct 14, 2013 2:40 PM by dward

    X509 Client Authentication

    jimrigsbee

      I note from the quickstart policy-security-cert that we set a property "alias" in the <domain>,<security> section of the switchyard.xml.  I assume this means compare the certificate passed with the certificate in the keystore associated with the domain at alias xyz.  First, is that correct?

       

      Secondly, if I issue multiple client certificates and want each one to have access (successfully authenticate) then how would that work?


      Thanks,

      Jim

      Middleware Curriculum Architect

      Red Hat, Inc.

        • 1. Re: X509 Client Authentication
          dward

          Yes, the alias property is given to the CertificateCallbackHandler, which is then used by the CertificateLoginModule to retrieve the proper certificate from the key store.

          Right now our ootb impl only provides verification against one certificate.  It's possible for you to write your own combination of CallbackHandler (configured in switchyard.xml) and LoginModule (configured in the JAAS security domain login module stack in AS7) impls to do what you want, though.
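
One way to write the LoginModule half of the combination suggested in the reply, as an added example that is not code from the thread or from SwitchYard: it accepts a client certificate stored under any alias in the key store instead of one fixed alias. `AnyAliasCertificateLoginModule` and `PresentedCertificateCallback` are hypothetical names, and the matching custom CallbackHandler that fills in the callback is assumed, not shown; only standard JAAS and `java.security` calls are used.

```java
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

public class AnyAliasCertificateLoginModule implements LoginModule {
    /** Hypothetical callback; the custom CallbackHandler sets both fields. */
    public static class PresentedCertificateCallback implements Callback {
        public X509Certificate presented; // certificate the client sent
        public KeyStore trustStore;       // holds every accepted client certificate
    }
    private Subject subject;
    private CallbackHandler handler;
    private X509Certificate matched;      // set only after a successful login()
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h;
    }
    public boolean login() throws LoginException {
        PresentedCertificateCallback cb = new PresentedCertificateCallback();
        matched = null;
        try {
            handler.handle(new Callback[] { cb });
            if (cb.presented != null && cb.trustStore != null) {
                cb.presented.checkValidity(); // reject expired or not-yet-valid certificates
                // getCertificateAlias returns null unless some entry holds this exact certificate.
                if (cb.trustStore.getCertificateAlias(cb.presented) != null) matched = cb.presented;
            }
        } catch (Exception e) { // callback, key store or validity failure
            throw new FailedLoginException(e.toString());
        }
        if (matched == null)
            throw new FailedLoginException("client certificate missing or not in the key store");
        return true;
    }
    public boolean commit() {
        if (matched == null) return false;
        subject.getPrincipals().add(matched.getSubjectX500Principal());
        return true;
    }
    public boolean abort() { return logout(); }
    public boolean logout() {
        if (matched != null) subject.getPrincipals().remove(matched.getSubjectX500Principal());
        matched = null;
        return true;
    }
}
```

This only checks that the presented certificate is one of the stored ones. Proof that the caller holds the matching private key has to come from the transport (for example a mutually authenticated TLS handshake), since the certificate itself is public.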