Claudio Miranda [https://community.jboss.org/people/Claudio4J] created the discussion
"Re: @WS with CLIENT-CERT throws Invalid HTTP server response [401] - Unauthorized on client side"
To view the discussion, visit:
https://community.jboss.org/message/724358#724358
--------------------------------------------------------------
From the service side, confirm that there is a certificate that can be used by the service and that the trust store contains the issuing certificate authority for the certificate used by the client.

The server keystore jaas-ms-ejb-ear.ear/jaas-ms-ejb-ws-1.0.0.jar/server_jbossws.jks has 2 entries:
PrivateKeyEntry: server_jbossws
trustedCertEntry: client_jbossws
The server truststore has 2 public keys: server_jbossws and client_jbossws.
You can see it in detail in the original post.

From the client side, confirm that there is a certificate that can be used by the client and that the trust store contains the issuing certificate authority for the certificate used by the service.

The client keystore src/META-INF/client_jbossws.jks has 2 entries:
PrivateKeyEntry: client_jbossws
trustedCertEntry: server_jbossws
The client truststore has 2 public keys: server_jbossws and client_jbossws.
You can see it in detail in the original post.

From login-config.xml of JBoss, what does UserCertPolicy look like?

The security-domain setting is in the file
*jaas-ms-ejb-ear.ear/lib/jaas-ms-1.1.4.jar/META-INF/ms-auth-jboss-beans.xml*
Its contents are:
<deployment xmlns="urn:jboss:bean-deployer:2.0">
    <application-policy name="UserCertPolicy" xmlns="urn:jboss:security-beans:1.0">
        <authentication>
            <login-module code="br.gov.saude.jaas.spi.UserCertLoginModule" flag="required"></login-module>
        </authentication>
    </application-policy>
</deployment>

And what does this class look like? What does it do?
br.com.myapp.jaas.spi.SubjectMapper

According to [1], I want to extract the username from the certificate to authenticate.
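    import java.security.Principal;
    import java.security.cert.X509Certificate;
    import org.jboss.security.auth.certs.SubjectCNMapping;
    public class SubjectMapper extends SubjectCNMapping {
        // Delegates to SubjectCNMapping; "toPrinicipal" is the method name as spelled in the superclass.
        public Principal toPrinicipal(X509Certificate[] arg0) {
            Principal prinicipal = super.toPrinicipal(arg0);
            return prinicipal;
        }
    }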
Thank you for the help.
1.
https://community.jboss.org/docs/DOC-13538#X509_certificate_token
https://community.jboss.org/wiki/JBossWS-WS-SecurityOptions#X509_certific...
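
Added example, not part of the original post: a stand-alone Java check of the mutual trust described above. It loads the four JKS stores, confirms each side's PrivateKeyEntry exists under the alias named in the post, and tests whether the other side's truststore holds that certificate or its issuer. The class name, the argument order and the single shared store password are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class MutualTrustCheck {
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // True when the certificate behind the private key `alias` in `identity` is either
    // stored verbatim in `trust` or carries a signature made by a certificate in `trust`.
    static boolean isTrusted(KeyStore identity, String alias, KeyStore trust) throws Exception {
        if (!identity.isKeyEntry(alias)) {
            System.out.println("  no PrivateKeyEntry under alias " + alias);
            return false;
        }
        X509Certificate cert = (X509Certificate) identity.getCertificate(alias);
        System.out.println("  subject: " + cert.getSubjectX500Principal().getName());
        if (trust.getCertificateAlias(cert) != null) {
            return true; // exact certificate imported, as with self-signed pairs
        }
        for (String a : Collections.list(trust.aliases())) {
            if (trust.getCertificate(a) == null) continue;
            PublicKey issuerKey = trust.getCertificate(a).getPublicKey();
            try {
                cert.verify(issuerKey);
                return true; // signed by a CA certificate held in the truststore
            } catch (Exception notThisIssuer) { /* try the next entry */ }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        // Assumed arguments: serverKeystore serverTruststore clientKeystore clientTruststore password
        char[] pw = args[4].toCharArray();
        System.out.println("client_jbossws as seen by the server truststore:");
        boolean clientOk = isTrusted(load(args[2], pw), "client_jbossws", load(args[1], pw));
        System.out.println("server_jbossws as seen by the client truststore:");
        boolean serverOk = isTrusted(load(args[0], pw), "server_jbossws", load(args[3], pw));
        System.out.println("server trusts client: " + clientOk + ", client trusts server: " + serverOk);
    }
}
```

The printed subject is the DN from which a CN-based mapper would take the username. The check covers presence and signature only, not expiry or a full chain validation.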