]
David Lloyd resolved ELY-697.
-----------------------------
Assignee: David Lloyd
Resolution: Out of Date
This is now done via the SSL context builder and does not directly involve the
authentication client anymore.
Add client authentication method to authenticate a TLS peer using a
security domain
-----------------------------------------------------------------------------------
Key: ELY-697
URL:
https://issues.jboss.org/browse/ELY-697
Project: WildFly Elytron
Issue Type: Enhancement
Components: Authentication Client
Reporter: David Lloyd
Assignee: David Lloyd
Priority: Minor
When a client connects to a remote peer, the authentication protocol in use may support
true mutual authentication, where the remote peer (server) has to authenticate itself to
the client. Specifically, in the TLS case the client may want to perform
client-cert-style authentication with the server certificate, acquiring a SecurityIdentity
in return.
The client authentication API should have a way to specify that TLS certificate
authentication should happen against a specific security domain. It should provide a
means to acquire the SecurityIdentity from the SSL session (the same way as a server does,
if possible).
A server authenticating to a client does not require LoginPermission.