[undertow-dev] certs

Bill Burke bburke at redhat.com
Thu Jun 27 09:10:51 EDT 2013


It's an IDM SaaS, so different realms will have different security 
models.  It should be possible from a NIO perspective, no?  Last time I 
looked at that stuff it did seem possible.

On 6/27/2013 5:47 AM, Darran Lofthouse wrote:
> I will check for you but from last time I worked on this I am not sure
> if that is possible - I think a valid trust store was still required
> server side to verify the remote certificate - even if it was just a
> trust store containing certificate authority certificates.
>
> Do your clients definitely not have at least a common certificate
> authority signing their certificates?
>
> Regards,
> Darran Lofthouse.
>
>
> On 26/06/13 23:57, Bill Burke wrote:
>> Sorry, I want to be able to validate the client cert within the
>> application servlet.
>>
>> On 6/26/2013 6:56 PM, Bill Burke wrote:
>>> I think you misunderstood me.  Not looking for client-cert auth.  I want
>>> to be able to validate the client server within the application servlet.
>>>
>>> On 6/26/2013 6:50 PM, Tomaz Cerar wrote:
>>>> It can do it already but config is going to change in future.
>>>>
>>>> Take a look at WebCERTTestsSecurityDomainSetup in testsuite on how to do it.
>>>>
>>>> Basically you have to set up securityRealm with server ssl cert, then set up
>>>> security constraints for web app
>>>>
>>>> That test we have in testsuite also tests mapping client certs to users via
>>>> CertificateRoles security module.
>>>>
>>>> --
>>>> tomaz
>>>>
>>>>> -----Original Message-----
>>>>> From: undertow-dev-bounces at lists.jboss.org [mailto:undertow-dev-
>>>>> bounces at lists.jboss.org] On Behalf Of Bill Burke
>>>>> Sent: Thursday, June 27, 2013 12:11 AM
>>>>> To: undertow-dev at lists.jboss.org
>>>>> Subject: [undertow-dev] certs
>>>>>
>>>>> I need to be able to client certs in the following manner:
>>>>>
>>>>> * Set the server to WANT client certs so that it is optional
>>>>> * Obtain certificate at the servlet layer so I can validate it myself.
>>>>>
>>>>> Can Undertow do these yet?  Just want to know so I can create the
>>>>> appropriate jiras.
>>>>>
>>>>> --
>>>>> Bill Burke
>>>>> JBoss, a division of Red Hat
>>>>> http://bill.burkecentral.com
>>>>> _______________________________________________
>>>>> undertow-dev mailing list
>>>>> undertow-dev at lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/undertow-dev
>>>>
>>>
>>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
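
Added example, not part of the original thread and not Undertow code: one way the servlet-layer check discussed above could validate an optional client certificate against a per-realm trust store. The class name RealmCertValidator, the Result enum and the per-realm KeyStore are assumptions, and revocation checking is switched off because no CRL/OCSP source is assumed.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.Arrays;

/** Hypothetical helper: validates a client chain against one realm's trust store. */
public final class RealmCertValidator {

    public enum Result { NO_CERT, TRUSTED, REJECTED }

    /**
     * chain: what a servlet reads from the request attribute
     * "javax.servlet.request.X509Certificate"; it is null when the client sent
     * no certificate, which is allowed when the server only WANTs client auth.
     * realmTrust: KeyStore holding only this realm's CA certificates (assumption).
     */
    public static Result validate(X509Certificate[] chain, KeyStore realmTrust) {
        if (chain == null || chain.length == 0) {
            return Result.NO_CERT;              // optional cert: caller decides what anonymous may do
        }
        try {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            CertPath path = cf.generateCertPath(Arrays.asList(chain));
            PKIXParameters params = new PKIXParameters(realmTrust);
            params.setRevocationEnabled(false); // assumption: no CRL/OCSP source configured here
            CertPathValidator.getInstance("PKIX").validate(path, params);
            return Result.TRUSTED;
        } catch (GeneralSecurityException e) {
            // Covers an untrusted or expired chain and a realm trust store with no CA entries.
            return Result.REJECTED;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyStore emptyRealm = KeyStore.getInstance(KeyStore.getDefaultType());
        emptyRealm.load(null, null);            // constructed input: a realm with no CAs loaded
        System.out.println(validate(null, emptyRealm));
        System.out.println(validate(new X509Certificate[0], emptyRealm));
    }
}
```

A caller would treat REJECTED as a failed authentication for that realm and keep NO_CERT distinct, so a missing certificate is never confused with a validated one.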

