]
Steven Hawkins updated TEIID-5780:
----------------------------------
Fix Version/s: 13.1
(was: 13.0)
Support certificate based authentication into Teiid pg
------------------------------------------------------
Key: TEIID-5780
URL:
https://issues.jboss.org/browse/TEIID-5780
Project: Teiid
Issue Type: Sub-task
Components: ODBC
Reporter: Steven Hawkins
Assignee: Steven Hawkins
Priority: Major
Fix For: 13.1
Original Estimate: 2 days
Time Spent: 6 hours
Remaining Estimate: 1 day, 2 hours
To support the pg connection into Teiid we will do something like:
- require a pg secure port using the service signing certificate: TEIIDSB-90 TEIIDSB-92
-- one clarification is that we must document how to make the pg cert dominant if both pg
and jdbc secure are used
TODO:
- configure the pg instance to have a service signing certificate and trust the Teiid
service signing certificate. If that trust seems too difficult we can just configure the
connection to trust all.
- configure the pg connection to Teiid to use the pg service signing certificate as the
client certificate
- trust the pg service signing certificate at the teiid service - we need hostname
validation to be enabled and the Teiid server to map the service host name to an
authenticated user (this could possibly be generalized via keycloak support to more
users).