0 Replies Latest reply on Oct 17, 2012 12:06 PM by renz13

    Remoting and Certificate Authentication on AS 7.1.3

    renz13 Newbie

      Hello,

       

      I have an application using remoting over TLS with database authentication/authorization.

      I want to add a certificate authentication (without removing Database authentication), so I have made some changes in my standalone.xml (I will develop my own verifier in a next step) :

       

       

      <security-domain name="HelloDomain" cache-type="default">
                          <authentication>
                              <login-module code="Remoting" flag="optional">
                                  <module-option name="password-stacking" value="useFirstPass"/>
                              </login-module>
                              <login-module code="Certificate" flag="required">
                                  <module-option name="securityDomain" value="HelloDomain"/>
                                  <module-option name="verifier" value="org.jboss.security.auth.certs.AnyCertVerifier"/>
                              </login-module>
                              <login-module code="Database" flag="required">
                                  <module-option name="dsJndiName" value="java:jboss/datasources/AnnuaireDS"/>
                                  <module-option name="principalsQuery" value="SELECT mdp FROM utilisateur WHERE id_fact=?"/>
                                  <module-option name="rolesQuery" value="SELECT r.role, 'Roles' FROM role r INNER JOIN utilisateur u USING (cle_utilisateur) WHERE u.id_fact=?"/>
                                  <module-option name="hashAlgorithm" value="SHA-256"/>
                                  <module-option name="hashEncoding" value="base64"/>
                              </login-module>
                          </authentication>
                          <jsse keystore-password="JBossPassword" keystore-url="file:/D:/Apps/jboss-as-7.1.3.Final/standalone/configuration/jbossServer.keystore" cipher-suites="TLS_RSA_WITH_AES_128_CBC_SHA" client-auth="true" protocols="TLSv1"/>
                      </security-domain>
      

       

       

      Now I don't know what to do on the client side to "use" the client certificate.

      Any idea?

       

      Thanks