Re: [undertow-dev] certs
Its an IDM SaaS, so different realms will have different security
models. It should be possible from a NIO perspective, no? Last time I
looked at that stuff it did seem possible.
On 6/27/2013 5:47 AM, Darran Lofthouse wrote:
I will check for you but from last time I worked on this I am not
sure
if that is possible - I think a valid trust store was still required
server side to verify the remote certificate - even if it was just a
trust store containing certificate authority certificates.
Do your clients definitely not have a least a common certificate
authority signing their certificates?
Regards,
Darran Lofthouse.
On 26/06/13 23:57, Bill Burke wrote:
> Sorry, I want to be able to validate the client cert within the
> application servlet.
>
> On 6/26/2013 6:56 PM, Bill Burke wrote:
>> I think you misunderstood me. Not looking for client-cert auth. I want
>> to be able to validate the client server within the application servlet.
>>
>> On 6/26/2013 6:50 PM, Tomaz Cerar wrote:
>>> It can do it already but config is going to change in future.
>>>
>>> Take a look at WebCERTTestsSecurityDomainSetup in testsuite on how to do it.
>>>
>>> Basicly you have to setup securityRealm with server ssl cert, then setup
>>> securtiy constraints for web app
>>>
>>> That test we have in testsuite also tests mapping client certs to users via
>>> CertificateRoles security module.
>>>
>>> --
>>> tomaz
>>>
>>>> -----Original Message-----
>>>> From: undertow-dev-bounces(a)lists.jboss.org [mailto:undertow-dev-
>>>> bounces(a)lists.jboss.org] On Behalf Of Bill Burke
>>>> Sent: Thursday, June 27, 2013 12:11 AM
>>>> To: undertow-dev(a)lists.jboss.org
>>>> Subject: [undertow-dev] certs
>>>>
>>>> I need to be able to client certs in the following manner:
>>>>
>>>> * Set the server to WANT client certs so that it is optional
>>>> * Obtain certificate at the servlet layer so I can validate it myself.
>>>>
>>>> Can Undertow do these yet? Just want to know so I can create the
>>>> appropriate jiras.
>>>>
>>>> --
>>>> Bill Burke
>>>> JBoss, a division of Red Hat
>>>> http://bill.burkecentral.com
>>>> _______________________________________________
>>>> undertow-dev mailing list
>>>> undertow-dev(a)lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/undertow-dev
>>>
>>
>
_______________________________________________
undertow-dev mailing list
undertow-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/undertow-dev
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com