Certificate-based mutual authentication
knr Sep 12, 2014 4:22 AM
Hi,
I'm having difficulty configuring JBoss Server 8.1 and the web application to accept certificate authentication.
According to https://docs.jboss.org/author/display/WFLY8/Authentication+Modules I should configure a security-domain login module in the standalone.xml as follows:
<security-domain name="RequireCertificateDomain">
    <authentication>
        <login-module code="Certificate" flag="required">
            <module-option name="securityDomain" value="RequireCertificateDomain"/>
            <module-option name="verifier" value="org.jboss.security.auth.certs.X509CertificateVerifier"/>
        </login-module>
    </authentication>
</security-domain>
P.S.: I also tried org.jboss.security.auth.certs.AnyCertVerifier
In order to verify the client's credentials (mutual authentication), I configured the truststore under the <security-realm...
<security-realm name="UndertowRealm">
    <server-identities>
        <ssl>
            <keystore path="${project.basedir}/target/filtered-wildfly/my.keystore" keystore-password="xxx" alias="alias_name" key-password="xyy"/>
        </ssl>
    </server-identities>
    <authentication>
        <truststore path="${project.basedir}/target/filtered-wildfly/my.keystore" keystore-password="zha"/>
    </authentication>
</security-realm>
Under webapp I added a file called jboss-web.xml:
<jboss-web>
    <security-domain>RequireCertificateDomain</security-domain>
</jboss-web>
and the <login-config> inside web.xml has been changed to
<login-config>
    <auth-method>CLIENT-CERT</auth-method>
</login-config>
However I'm getting various errors, among them ...
PBOX000248: Failed to create X509CertificateVerifier: java.lang.InstantiationException: org.jboss.security.auth.certs.X509CertificateVerifier
at java.lang.Class.newInstance(Class.java:359) [rt.jar:1.7.0_60]
at org.jboss.security.auth.spi.BaseCertLoginModule.initialize(BaseCertLoginModule.java:148) [picketbox-4.0.21.Beta1.jar:4.0.21.Beta1]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_60]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_60]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcc
: Failed to validate certificate: SecurityDomain, Keystore or certificate is null
Any experience in configuring certificate-based mutual authentication on JBoss WildFly?
Thx for the support
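
A small audit of the configuration fragments quoted in the post above, as an added example that is not part of the original post or of WildFly: it flags the verifier class named in the PBOX000248 error, a Certificate login module whose security domain declares no `<jsse>` stores, and a realm truststore that is the same file as the server keystore. The `audit` function, the finding texts and the `<config>` wrapper are assumptions made for illustration, as is the premise that a domain's own key and trust stores belong in a `<jsse>` child element; it expects namespace-free excerpts like the ones quoted.

```python
import xml.etree.ElementTree as ET

# Constructed input: the post's two standalone.xml fragments under one root
# element, with passwords replaced by a placeholder.
KS = "${project.basedir}/target/filtered-wildfly/my.keystore"
SAMPLE = f"""<config>
<security-domain name="RequireCertificateDomain"><authentication>
  <login-module code="Certificate" flag="required">
    <module-option name="securityDomain" value="RequireCertificateDomain"/>
    <module-option name="verifier" value="org.jboss.security.auth.certs.X509CertificateVerifier"/>
  </login-module></authentication></security-domain>
<security-realm name="UndertowRealm">
  <server-identities><ssl>
    <keystore path="{KS}" keystore-password="x" alias="alias_name" key-password="x"/>
  </ssl></server-identities>
  <authentication><truststore path="{KS}" keystore-password="x"/></authentication>
</security-realm>
</config>"""

PKG = "org.jboss.security.auth.certs."
VERIFIER_NOTES = {  # class name -> why it deserves a second look
    PKG + "X509CertificateVerifier": "cannot be instantiated (PBOX000248 in the post)",
    PKG + "AnyCertVerifier": "accepts any certificate it is handed",
}

def audit(xml_text):
    """Return sorted (element name, finding) pairs for a config excerpt."""
    root, out = ET.fromstring(xml_text), []
    for dom in root.iter("security-domain"):
        for mod in dom.iter("login-module"):
            if mod.get("code") != "Certificate":
                continue
            opts = {o.get("name"): o.get("value") for o in mod.iter("module-option")}
            note = VERIFIER_NOTES.get(opts.get("verifier"))
            if note:
                out.append((dom.get("name"), "verifier " + note))
            # Assumption: a domain declares its own stores in a <jsse> child.
            if dom.find("jsse") is None:
                out.append((dom.get("name"), "no <jsse> stores for the login module"))
    # One file as both server keystore and client truststore mixes the
    # server's private key with the set of trusted client certificates.
    for realm in root.iter("security-realm"):
        key, trust = realm.find(".//ssl/keystore"), realm.find(".//authentication/truststore")
        if key is not None and trust is not None and key.get("path") == trust.get("path"):
            out.append((realm.get("name"), "truststore is the server keystore file"))
    return sorted(out)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```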