0 Replies Latest reply on Oct 17, 2013 12:41 AM by carlos camargo

    client certification authentication on Jboss 7

    carlos camargo Newbie

      Hi, I am configuring client certified authentication on JBoss EAP 6.1.0.GA (AS 7.2.0.Final-redhat-8) and always I get the 401 error:

      “JBWEB000065: HTTP Status 401 - JBWEB000010: Cannot authenticate with the provided credentials”

       

      In standalone.xml I have configured the ApplicationRealm with the truststore, I followed the documentation (https://docs.jboss.org/author/display/AS72/Security+Realms), this is the text:

       

      <security-realm name="ApplicationRealm">

                      <server-identities>

                                     <ssl>

                                       <keystore path="keystore/server.keystore" relative-to="jboss.server.config.dir" password="jboss123" alias="jboss" key-password="jboss123" />

                                     </ssl>

                      </server-identities>

                      <authentication>

                                     <truststore path="server.truststore" relative-to="jboss.server.config.dir" password="jboss123" />

                      </authentication>         

      </security-realm>

       

      The "urn:jboss:domain" subsystem was configuring with https:

       

      <subsystem xmlns="urn:jboss:domain:web:1.4" default-virtual-server="default-host" native="false">

                      <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>

                      <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">

                                     <ssl name="https" key-alias="jboss" password="jboss123" certificate-key-file="D:/software/jboss/jboss-eap-6.1-s3/standalone/configuration/keystore/server.keystore" verify-client="false"/>

                      </connector>

                      <virtual-server name="default-host" enable-welcome-root="true">

                                     <alias name="localhost"/>

                                     <alias name="example.com"/>

                      </virtual-server>

      </subsystem>

       

      The application has a web.xml configured with client-cert:

      <!-- Restriccion de acceso -->

             <security-constraint>

                   <display-name>restriccion-certificados-cliente</display-name>

                   <web-resource-collection>

                          <web-resource-name>Autenticacion con certificados</web-resource-name>

                          <description>paginas de acceso por certificado de clientes</description>

                          <url-pattern>/*</url-pattern>

                   </web-resource-collection>

                   <auth-constraint>

                          <description>User</description>

                          <role-name>User</role-name>

                   </auth-constraint>

             </security-constraint>

       

      <!-- Security roles used by this web application -->

             <security-role>

                   <role-name>User</role-name>

             </security-role>

            

             <!-- Configuracion de autenticacion -->

             <login-config>

                   <auth-method>CLIENT-CERT</auth-method>

                   <realm-name>ApplicationRealm</realm-name>

                  

             </login-config>    

       

      I installed the certificate on chrome and IE; When I try to access to application, the server requests the certificate and I select it. next the error is showing.

      JBWEB000309: type JBWEB000067: Status report

      JBWEB000068: message JBWEB000010: Cannot authenticate with the provided credentials

      JBWEB000069: description JBWEB000121: This request requires HTTP authentication.

       

      I saved the certificate in the truststore with the alias juan, but I have tried with the dn "CN=juan,OU=app,O=javeriana,L=bog,S=edu,C=CO" how alias.