]
Martin Choma commented on ELY-1418:
-----------------------------------
Can we discuss this again? We know we are missing this feature compared to legacy. People
start to look for this feature in Elytron [1]. But I see on PR comment there are some
design doubts. Can we revise them?
[1]
CLIENT_CERT without users certificates database
-----------------------------------------------
Key: ELY-1418
URL:
https://issues.jboss.org/browse/ELY-1418
Project: WildFly Elytron
Issue Type: Feature Request
Components: HTTP
Affects Versions: 1.2.0.Beta7
Reporter: Jan Kalina
Assignee: Jan Kalina
CLIENT_CERT http-authentication-mechanism currently requires to provide security-realm,
which will contain identity for given certificate and will verify X509Evidence for it.
This does not provide replacement for legacy truststore auth, which allows to use only CA
certificate to authenticate users by certificates signed by CA, without any database of
them.
Analysis document:
https://developer.jboss.org/wiki/AnalysisDesign-CLIENTCERTWithoutUsersCer...