Jan Kalina created WFLY-9152: -------------------------------- Summary: CLIENT_CERT without users certificates database Key: WFLY-9152 URL: https://issues.jboss.org/browse/WFLY-9152 Project: WildFly Issue Type: Feature Request Components: Security Affects Versions: 11.0.0.Alpha1 Reporter: Jan Kalina Assignee: Jan Kalina Fix For: 12.0.0.Alpha1 CLIENT_CERT http-authentication-mechanism currently requires to provide security-realm, which will contain identity for given certificate and will verify X509Evidence for it. This does not provide replacement for legacy truststore auth, which allows to use only CA certificate to authenticate users by certificates signed by CA, without any database of them. Analysis document: https://developer.jboss.org/wiki/AnalysisDesign-CLIENTCERTWithoutUsersCer... -- This message was sent by Atlassian JIRA (v7.2.3#72005)