client certificate authentication
quentinvw Mar 19, 2015 6:29 AM
Hello all!
I come here looking for help because I'm actually not sure what I want to do is possible.
So, I have a Wildfly 8.1 server running. On this server I have deployed 2 REST web services. I need to configure SSL transport for both of them, but for the first one I want mutual authentication (client and server) and for the second one I just want server authentication. I tried using security-domain with Certificate and jsse but I can't make it work...
For the record, I have tried global configuration of my ssl-realm with mutual authentication and it worked just fine.
What doesn't work is making client_cert authentication mandatory on one of my REST web services. When I try to connect to it, I seem to be redirected to the global configuration of ssl-realm and the server doesn't ask for my client certificate.
Here are my wildfly and web.xml configurations:
Wildfly
...
<security-realm name="ssl-realm">
    <server-identities>
        <ssl protocol="SSL">
            <keystore path="wildflyKeystore.jks" relative-to="jboss.server.config.dir" keystore-password="test" alias="alerter (telemis)" key-password="test"/>
        </ssl>
    </server-identities>
</security-realm>
...
<security-domain name="SSLClientCert">
    <authentication>
        <login-module code="Certificate" flag="required">
            <module-option name="securityDomain" value="cert"/>
        </login-module>
    </authentication>
</security-domain>
<security-domain name="cert">
    <jsse truststore-password="test" truststore-url="file:${jboss.server.config.dir}/wildflyTruststore.jks" client-auth="true"/>
</security-domain>
...
<https-listener name="default-https" socket-binding="https" security-realm="ssl-realm" verify-client="REQUESTED"/>
Web.xml
...
<security-constraint>
    <web-resource-collection>
        <web-resource-name>webresources</web-resource-name>
        <url-pattern>/webresources/*</url-pattern>
        <http-method>POST</http-method>
        <http-method>GET</http-method>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<login-config>
    <auth-method>CLIENT-CERT</auth-method>
    <realm-name>ssl-realm</realm-name>
</login-config>
jboss-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
    <security-domain>java:/jaas/SSLClientCert</security-domain>
</jboss-web>
Thank you for your time!
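
An added example, not part of the original post: a small Python audit that reads a listener element and a web.xml and lists why a client certificate would not be mandatory for the application. The inputs are constructed from the fragments above; the `audit` and `parse` names and the treatment of a missing `verify-client` attribute as `NOT_REQUESTED` are assumptions of this sketch.

```python
import xml.etree.ElementTree as ET

# Constructed inputs, modelled on the listener and web.xml fragments in the post.
LISTENER = '<https-listener name="default-https" verify-client="REQUESTED"/>'
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>webresources</web-resource-name>
      <url-pattern>/webresources/*</url-pattern>
      <http-method>POST</http-method>
      <http-method>GET</http-method>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config><auth-method>CLIENT-CERT</auth-method></login-config>
</web-app>"""

def parse(xml_text):
    """Parse XML and drop namespaces so plain tag paths match any web.xml version."""
    root = ET.fromstring(xml_text)
    for el in root.iter():
        el.tag = el.tag.split("}")[-1]
    return root

def audit(listener_xml, web_xml):
    """List reasons why a client certificate is not actually mandatory."""
    findings = []
    # Absent attribute is treated as NOT_REQUESTED (assumed listener default).
    mode = parse(listener_xml).get("verify-client", "NOT_REQUESTED")
    if mode != "REQUIRED":
        findings.append(f"listener verify-client={mode}: handshake succeeds "
                        "without a certificate, enforcement is left to web.xml")
    web = parse(web_xml)
    method = (web.findtext("login-config/auth-method") or "none").strip()
    if method != "CLIENT-CERT":
        findings.append(f"auth-method is {method}, not CLIENT-CERT")
    for sc in web.findall("security-constraint"):
        name = sc.findtext("web-resource-collection/web-resource-name") or "?"
        if sc.find("auth-constraint") is None:
            findings.append(f"{name}: no <auth-constraint>, so callers are "
                            "never required to authenticate")
        verbs = [m.text for m in sc.iter("http-method")]
        if verbs:
            findings.append(f"{name}: only {verbs} constrained, other HTTP "
                            "methods are uncovered")
    return findings

if __name__ == "__main__":
    for finding in audit(LISTENER, WEB_XML):
        print("-", finding)
```

The listener finding is informational when the web.xml findings are empty: with `REQUESTED`, enforcement for one application rests on its `auth-constraint` and `CLIENT-CERT` login-config.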