0 Replies Latest reply on Mar 16, 2015 3:46 PM by c.sturtz

    EAP 6.2 - SAAJ Client unable to use Client Authentication via SSL

    c.sturtz

      I have written an SAAJ SOAP Client for a service that requires mutual authentication via HTTPS. This client is able to communicate with the service when executing w/in a JUnit test in Eclipse, given the keystore/truststore is configured properly via the javax.net.ssl.* system properties.

       

      When deployed within a WAR to JBoss EAP 6.2, I get a 403 response. CXF Logging shows that the resulting conduit is treated as 'plain http'. I looked around for a bit in JBoss's SOAPConnectionImpl class and it seems that the CXF HTTP Conduit is not being provided any TLSClientConfiguration programatically.

       

      This leaves me to assume that JBoss expects that I include some type of configuration, in addition to the javax.net.ssl system properties, in order to achieve mutual authentication via HTTPS with the SOAP Service.

       

      1. Can someone confirm/deny that additional configuration is required to do what I need?

      2. If confirmed, can someone assist me with that configuration (link to documentation, example, etc)?

       

      Many thanks!