]
Darran Lofthouse updated WFLY-10553:
------------------------------------
Fix Version/s: 14.0.0.CR1
(doc) CLIENT_CERT without users certificates database
-----------------------------------------------------
Key: WFLY-10553
URL:
https://issues.jboss.org/browse/WFLY-10553
Project: WildFly
Issue Type: Feature Request
Components: Documentation
Affects Versions: 13.0.0.Final
Reporter: Jan Kalina
Assignee: Jan Kalina
Fix For: 14.0.0.CR1
CLIENT_CERT http-authentication-mechanism currently requires to provide security-realm,
which will contain identity for given certificate and will verify X509Evidence for it.
This does not provide replacement for legacy truststore auth, which allows to use only CA
certificate to authenticate users by certificates signed by CA, without any database of
them.
As client cetificate is already checked by SSLContext, certificate verification in
CLIENT-CERT HTTP mechanism should be made optional. (Need to be enabled by default for
backward compatibility.)
Analysis document:
https://developer.jboss.org/wiki/AnalysisDesign-CLIENTCERTWithoutUsersCer...