Hello,
I have an application using remoting over TLS with database authentication/authorization.
I want to add a certificate authentication (without removing Database authentication), so I have made some changes in my standalone.xml (I will develop my own verifier in a next step) :
<security-domain name="HelloDomain" cache-type="default"> <authentication> <login-module code="Remoting" flag="optional"> <module-option name="password-stacking" value="useFirstPass"/> </login-module> <login-module code="Certificate" flag="required"> <module-option name="securityDomain" value="HelloDomain"/> <module-option name="verifier" value="org.jboss.security.auth.certs.AnyCertVerifier"/> </login-module> <login-module code="Database" flag="required"> <module-option name="dsJndiName" value="java:jboss/datasources/AnnuaireDS"/> <module-option name="principalsQuery" value="SELECT mdp FROM utilisateur WHERE id_fact=?"/> <module-option name="rolesQuery" value="SELECT r.role, 'Roles' FROM role r INNER JOIN utilisateur u USING (cle_utilisateur) WHERE u.id_fact=?"/> <module-option name="hashAlgorithm" value="SHA-256"/> <module-option name="hashEncoding" value="base64"/> </login-module> </authentication> <jsse keystore-password="JBossPassword" keystore-url="file:/D:/Apps/jboss-as-7.1.3.Final/standalone/configuration/jbossServer.keystore" cipher-suites="TLS_RSA_WITH_AES_128_CBC_SHA" client-auth="true" protocols="TLSv1"/> </security-domain>
Now I don't know what to do on the client side to "use" the client certificate.
Any idea?
Thanks