3 Replies Latest reply on May 10, 2003 2:47 AM by medthomas

    CLIENT-CERT Authentication Config

    medthomas Newbie

      Hi,

      I am trying to configure JBoss 3.2.0 to support client authentication.

      I have a test .ear that I have successfully configured to run BASIC authentication over an SSL connection. My goal is to re-configure this to use CLIENT-CERT authentication (over SSL).

      A Google search lead me to a patch to enable support for this within JBoss/that was developed back in Feb this year. Having looked at SourceForge it appears, if I have understood CVS correctly, that this patch was incorporated in JBoss 3.2.0.

      Can anybody tell me how to configure this authentication mechanism and/or point me in the direction of the relevant documentation. I have looked at the JBoss docs available on-line but the latest version covered is 3.0.7.

      Thanks in anticipation for any help.

      Mark

        • 1. Re: CLIENT-CERT Authentication Config
          Bart Vanhaute Newbie

          From looking at the source release, an updated version of the patch (you are talking about the 'jetty' patch aren't you?) has been applied in 3.2.0.

          However, I have my questions about the behaviour. I have a simple servlet that just prints out the getCallerPrincipal() and getRemoteUser(). The result to me is not very useable, because you simply get a string representation with the serial number of the certificate, and the DN of the CA that issued the certificate.

          It would be nice if I could at least write a LoginModule where i can get the certificate objects. I tried to create one but I fail to see how I could get a hold of these objects.

          • 2. Re: CLIENT-CERT Authentication Config
            Dietmar Scheidl Newbie

            Hi,

            here is a simple skelleton of a Login Module which you could use.

            The Credential contains the CertificateChain.

            Just put your checks within the login-method and return the roles for the user in the getRoleSet-method.

            I have tested it with 3.2.0 + Tomcat 4.1.24 but I did some modifications on JBossSecurityMgrRealm.java to get it working. This modifications are already commited to 3.2.1 but I did not have time to check that till now.

            Didi

            • 3. Re: CLIENT-CERT Authentication Config
              medthomas Newbie

              Didi,

              Thanks for your help. I have upgraded to 3.2.1 with tomcat 4.1.24 and have managed to get it working although not quite in the way I expected (request.getRemoteUser() returns cert serial + issuer DN). I am not sure that this is standard behaviour. I am planning to have a look at this and your login module this weekend.

              Mark