1 Reply Latest reply on Jan 21, 2016 4:46 AM by Guido Spadotto

    Certificate-based mutual authentication

    rainer knupfer Newbie

      Hi,

      I'm facing difficulties to configure the Jboss Server 8.1 and the web-application to accept certificate authentication.

       

      According to https://docs.jboss.org/author/display/WFLY8/Authentication+Modules I should configure a security-domain login module in the standalone.xml as follow:


      <security-domain name="RequireCertificateDomain">

          <authentication>

              <login-module code="Certificate" flag="required">

                  <module-option name="securityDomain" value="RequireCertificateDomain"/>

                  <module-option name="verifier" value="org.jboss.security.auth.certs.X509CertificateVerifier"/>

              </login-module>

          </authentication>

      </security-domain>

       

      P.S: tried as well org.jboss.security.auth.certs.AnyCertVerifier

       

      In order to verify the client's credententials (mutual authentication) I configured the truststore under the <security-realm...

       

       

      <security-realm name="UndertowRealm">

          <server-identities>

              <ssl>

                  <keystore path="${project.basedir}/target/filtered-wildfly/my.keystore" keystore-password="xxx" alias="alias_name" key-password="xyy"/>

              </ssl>

          </server-identities>

          <authentication>

                  <truststore path="${project.basedir}/target/filtered-wildfly/my.keystore" keystore-password="zha"/>

          </authentication>

      </security-realm>

       

       

      under webapp I added a file called jboss-web.xml

       

      <jboss-web>

          <security-domain>RequireCertificateDomain</security-domain>

      </jboss-web>

       

      and the <login-config> inside web.xml has been changed to

       

       

      <login-config>

          <auth-method>CLIENT-CERT</auth-method>

      </login-config>

       

       

      However I'm getting various errors, among them ...

       

       

      PBOX000248: Failed to create X509CertificateVerifier: java.lang.InstantiationException: org.jboss.security.auth.certs.X509CertificateVerifier

        at java.lang.Class.newInstance(Class.java:359) [rt.jar:1.7.0_60]

        at org.jboss.security.auth.spi.BaseCertLoginModule.initialize(BaseCertLoginModule.java:148) [picketbox-4.0.21.Beta1.jar:4.0.21.Beta1]

        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_60]

        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_60]

        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcc

       

      : Failed to validate certificate: SecurityDomain, Keystore or certificate is null

       

      Any experience in configuring certificate-based mutual authentication on JBoss WildFly

       

       

      Thx for the support