client certification authentication on Jboss 7
carlos.camargo Oct 17, 2013 12:41 AMHi, I am configuring client certified authentication on JBoss EAP 6.1.0.GA (AS 7.2.0.Final-redhat-8) and always I get the 401 error:
“JBWEB000065: HTTP Status 401 - JBWEB000010: Cannot authenticate with the provided credentials”
In standalone.xml I have configured the ApplicationRealm with the truststore, I followed the documentation (https://docs.jboss.org/author/display/AS72/Security+Realms), this is the text:
<security-realm name="ApplicationRealm">
<server-identities>
<ssl>
<keystore path="keystore/server.keystore" relative-to="jboss.server.config.dir" password="jboss123" alias="jboss" key-password="jboss123" />
</ssl>
</server-identities>
<authentication>
<truststore path="server.truststore" relative-to="jboss.server.config.dir" password="jboss123" />
</authentication>
</security-realm>
The "urn:jboss:domain" subsystem was configuring with https:
<subsystem xmlns="urn:jboss:domain:web:1.4" default-virtual-server="default-host" native="false">
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
<ssl name="https" key-alias="jboss" password="jboss123" certificate-key-file="D:/software/jboss/jboss-eap-6.1-s3/standalone/configuration/keystore/server.keystore" verify-client="false"/>
</connector>
<virtual-server name="default-host" enable-welcome-root="true">
<alias name="localhost"/>
<alias name="example.com"/>
</virtual-server>
</subsystem>
The application has a web.xml configured with client-cert:
<!-- Restriccion de acceso -->
<security-constraint>
<display-name>restriccion-certificados-cliente</display-name>
<web-resource-collection>
<web-resource-name>Autenticacion con certificados</web-resource-name>
<description>paginas de acceso por certificado de clientes</description>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description>User</description>
<role-name>User</role-name>
</auth-constraint>
</security-constraint>
<!-- Security roles used by this web application -->
<security-role>
<role-name>User</role-name>
</security-role>
<!-- Configuracion de autenticacion -->
<login-config>
<auth-method>CLIENT-CERT</auth-method>
<realm-name>ApplicationRealm</realm-name>
</login-config>
I installed the certificate on chrome and IE; When I try to access to application, the server requests the certificate and I select it. next the error is showing.
JBWEB000309: type JBWEB000067: Status report
JBWEB000068: message JBWEB000010: Cannot authenticate with the provided credentials
JBWEB000069: description JBWEB000121: This request requires HTTP authentication.
I saved the certificate in the truststore with the alias juan, but I have tried with the dn "CN=juan,OU=app,O=javeriana,L=bog,S=edu,C=CO" how alias.
-
server.truststore.zip 2.8 KB
-
server.keystore.zip 2.2 KB
-
standalone.xml 15.3 KB