<div dir="ltr">You need to configure client cert auth as being required on the front end server, and then enable certificate-forwarding on the back end server. The front end will encode the certificate into a header, which will be decoded by the back end server.<div><br></div><div>Stuart</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Feb 14, 2018 at 9:15 AM, paroczizs . <span dir="ltr"><<a href="mailto:paroczizs@gmail.com" target="_blank">paroczizs@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="font-family:"courier new",monospace">Hi UndertowDev,</div><div class="gmail_default" style="font-family:"courier new",monospace"><br></div><div class="gmail_default" style="font-family:"courier new",monospace">Is it possible to configure 2 way ssl with reverse proxy in wildfly standalone.xml?</div><div class="gmail_default" style="font-family:"courier new",monospace">The schema and the realm set properly in case of 1 way ssl works fine however when the back end requests for the client cert the wildfly does not sent it:</div><div class="gmail_default" style="font-family:"courier new",monospace"><br></div><div class="gmail_default">
<p class="MsoNormal" style="font-family:arial,sans-serif;margin:0px;color:rgb(34,34,34);font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:10pt;font-family:Consolas;color:black">22:12:41,187 INFO [stdout] (default task-2) *** CertificateRequest</span><span style="font-size:10pt;font-family:Consolas"><u></u><u></u></span></p><p class="MsoNormal" style="font-family:arial,sans-serif;margin:0px;color:rgb(34,34,34);font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:10pt;font-family:Consolas;color:black">...</span><span style="font-family:Consolas;font-size:10pt"> </span></p><p class="MsoNormal" style="font-family:arial,sans-serif;margin:0px;color:rgb(34,34,34);font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:10pt;font-family:Consolas;color:black">22:12:41,213 INFO [stdout] (default task-2) Warning: no suitable certificate found - continuing without client authentication</span><span style="font-size:10pt;font-family:Consolas"><u></u><u></u></span></p><p class="MsoNormal" style="font-family:arial,sans-serif;margin:0px;color:rgb(34,34,34);font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:10pt;font-family:Consolas"><u></u> </span></p><p class="MsoNormal" style="font-family:arial,sans-serif;margin:0px;color:rgb(34,34,34);font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:10pt;font-family:Consolas"><br></span></p><p class="MsoNormal" style="font-family:arial,sans-serif;margin:0px;color:rgb(34,34,34);font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:10pt;font-family:Consolas">realm looks like this:</span></p><p class="MsoNormal"><font face="Consolas"><span style="font-size:13.3333px"><security-realm name="PserverRealm"></span></font></p><p class="MsoNormal"><font face="Consolas"><span style="font-size:13.3333px"> <server-identities></span></font></p><p class="MsoNormal"><font face="Consolas"><span style="font-size:13.3333px"> <ssl></span></font></p><p class="MsoNormal"><font face="Consolas"><span style="font-size:13.3333px"> <keystore path="/home/config/pserver.<wbr>jks" keystore-password="123456" alias="pserver" key-password="123456"/></span></font></p><p class="MsoNormal"><font face="Consolas"><span style="font-size:13.3333px"> </ssl></span></font></p><p class="MsoNormal"><font face="Consolas"><span style="font-size:13.3333px"> </server-identities></span></font></p><p class="MsoNormal"><font face="Consolas"><span style="font-size:13.3333px"> <authentication></span></font></p><p class="MsoNormal"><font face="Consolas"><span style="font-size:13.3333px"> <truststore path="/home/config/pserver.<wbr>jks" keystore-password="123456"/></span></font></p><p class="MsoNormal"><font face="Consolas"><span style="font-size:13.3333px"> </authentication></span></font></p><p class="MsoNormal"></p><p class="MsoNormal"><font face="Consolas"><span style="font-size:13.3333px"></security-realm></span></font></p>
<br></div><div class="gmail_default" style="font-family:"courier new",monospace"> </div><div class="gmail_default" style="font-family:"courier new",monospace">Another question whether is basic authentication possible from the configuration?</div><div class="gmail_default" style="font-family:"courier new",monospace"><br></div><div class="gmail_default" style="font-family:"courier new",monospace">Thank you in advance, Zsolt</div></div><div id="m_-7227769160674502977DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2"><br> <table style="border-top:1px solid #d3d4de">
<tbody><tr>
<td style="width:55px;padding-top:18px"><a href="https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail" target="_blank"><img src="https://ipmcdn.avast.com/images/icons/icon-envelope-tick-round-orange-animated-no-repeat-v1.gif" alt="" width="46" height="29" style="width:46px;height:29px"></a></td>
<td style="width:470px;padding-top:17px;color:#41424e;font-size:13px;font-family:Arial,Helvetica,sans-serif;line-height:18px">Mentes a vírusoktól. <a href="https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail" style="color:#4453ea" target="_blank">www.avast.com</a> </td>
</tr>
</tbody></table>
<a href="#m_-7227769160674502977_DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2" width="1" height="1"></a></div>
<br>______________________________<wbr>_________________<br>
undertow-dev mailing list<br>
<a href="mailto:undertow-dev@lists.jboss.org">undertow-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/undertow-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/<wbr>mailman/listinfo/undertow-dev</a><br></blockquote></div><br></div>