JBoss Community

Re: @WS with CLIENT-CERT throws Invalid HTTP server response [401] - Unauthorized on client side

created by Claudio Miranda in JBoss Web Services

> from the service side, confirm that there is a certificate that can be used by the service and that the trust store contains the issuing certificate authority

> for the certificate used by the client

 

The server keystore jaas-ms-ejb-ear.ear/jaas-ms-ejb-ws-1.0.0.jar/server_jbossws.jks

has 2 entries

PrivateKeyEntry: server_jbossws

trustedCertEntry: client_jbossws

 

The server truststore has 2 public keys: server_jbossws and client_jbossws

 

You can see it in detail in the original post.

 

> from the client side, confirm that there is a certificate that can be used by the client and that the trust store contains the issuing certificate authority for

> the certificate used by the service

 

The client keystore src/META-INF/client_jbossws.jks

has 2 entries

PrivateKeyEntry: client_jbossws

trustedCertEntry: server_jbossws

 

The client truststore has 2 public keys: server_jbossws and client_jbossws

 

You can see it in detail in the original post.

 

 

> from login-config.xml of jboss, what does UserCertPolicy look like?

 

The security-domain setting is in the file jaas-ms-ejb-ear.ear/lib/jaas-ms-1.1.4.jar/META-INF/ms-auth-jboss-beans.xml

 

Its contents are

 

<deployment xmlns="urn:jboss:bean-deployer:2.0">
    <application-policy name="UserCertPolicy" xmlns="urn:jboss:security-beans:1.0">
        <authentication>
            <login-module code="br.gov.saude.jaas.spi.UserCertLoginModule" flag="required"></login-module>
        </authentication>
    </application-policy>
</deployment>

 

> And what does this class look like? what does it do? br.com.myapp.jaas.spi.SubjectMapper

 

 

According to [1], I want to extract the username from the certificate to authenticate.

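import java.security.Principal;
import java.security.cert.X509Certificate;
import org.jboss.security.auth.certs.SubjectCNMapping;

public class SubjectMapper extends SubjectCNMapping {
    // Delegates to SubjectCNMapping, which builds the principal from the CN of the certificate subject.
    // "toPrinicipal" is the method name as spelled in the JBoss CertificatePrincipal interface.
    public Principal toPrinicipal(X509Certificate[] arg0) {
        Principal prinicipal = super.toPrinicipal(arg0);
        return prinicipal;
    }
}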

 

Thank you for the help.

 

1. https://community.jboss.org/wiki/JBossWS-WS-SecurityOptions#X509_certificate_token
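
The two store checks quoted in this reply can be automated; the following is an added example, not code from the thread or from JBoss. It confirms that each side holds a PrivateKeyEntry under the alias named above and that the peer's trust store contains that certificate or the key that signed it. Assumptions: the class name `MutualTrustCheck`, the argument order, the `KS_PASS` environment variable, and one password shared by all four JKS files.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class MutualTrustCheck {

    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // A chain is accepted if one of its certificates is itself in the trust store
    // (the self-signed layout in this thread) or was signed by a key in the trust store.
    static boolean trusts(KeyStore trustStore, Certificate[] chain) throws Exception {
        for (Certificate cert : chain) {
            if (trustStore.getCertificateAlias(cert) != null) return true;
            for (String alias : Collections.list(trustStore.aliases())) {
                Certificate anchor = trustStore.getCertificate(alias);
                if (anchor == null) continue;
                try {
                    cert.verify(anchor.getPublicKey());
                    return true;
                } catch (Exception notSignedByThisAnchor) {
                    // not the issuer; try the next trust store entry
                }
            }
        }
        return false;
    }

    static String check(KeyStore keyStore, String alias, KeyStore peerTrustStore) throws Exception {
        if (!keyStore.isKeyEntry(alias)) return alias + ": no PrivateKeyEntry under this alias";
        Certificate[] chain = keyStore.getCertificateChain(alias);
        ((X509Certificate) chain[0]).checkValidity(); // throws if expired or not yet valid
        return alias + (trusts(peerTrustStore, chain) ? ": trusted by peer" : ": NOT trusted by peer");
    }

    public static void main(String[] a) throws Exception {
        // a[0..3]: client keystore, client truststore, server keystore, server truststore (assumed order)
        char[] pw = System.getenv("KS_PASS").toCharArray(); // KS_PASS is a hypothetical variable name
        System.out.println(check(load(a[0], pw), "client_jbossws", load(a[3], pw)));
        System.out.println(check(load(a[2], pw), "server_jbossws", load(a[1], pw)));
    }
}
```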
