I will have another look; last time I looked into this, however, there did
seem to be a need for a list of accepted issuers of certificates to be
returned from the X509TrustManager in use: -
X509Certificate[] getAcceptedIssuers()
Regards,
Darran Lofthouse.
On 27/06/13 14:10, Bill Burke wrote:
It's an IDM SaaS, so different realms will have different security
models. It should be possible from a NIO perspective, no? Last time I
looked at that stuff it did seem possible.
On 6/27/2013 5:47 AM, Darran Lofthouse wrote:
> I will check for you but from last time I worked on this I am not sure
> if that is possible - I think a valid trust store was still required
> server side to verify the remote certificate - even if it was just a
> trust store containing certificate authority certificates.
>
> Do your clients definitely not have at least a common certificate
> authority signing their certificates?
>
> Regards,
> Darran Lofthouse.
>
>
> On 26/06/13 23:57, Bill Burke wrote:
>> Sorry, I want to be able to validate the client cert within the
>> application servlet.
>>
>> On 6/26/2013 6:56 PM, Bill Burke wrote:
>>> I think you misunderstood me. Not looking for client-cert auth. I want
>>> to be able to validate the client server within the application servlet.
>>>
>>> On 6/26/2013 6:50 PM, Tomaz Cerar wrote:
>>>> It can do it already but config is going to change in future.
>>>>
>>>> Take a look at WebCERTTestsSecurityDomainSetup in testsuite on how to do
>>>> it.
>>>>
>>>> Basically you have to set up securityRealm with server ssl cert, then set up
>>>> security constraints for web app
>>>>
>>>> That test we have in testsuite also tests mapping client certs to users
>>>> via CertificateRoles security module.
>>>>
>>>> --
>>>> tomaz
>>>>
>>>>> -----Original Message-----
>>>>> From: undertow-dev-bounces(a)lists.jboss.org [mailto:undertow-dev-
>>>>> bounces(a)lists.jboss.org] On Behalf Of Bill Burke
>>>>> Sent: Thursday, June 27, 2013 12:11 AM
>>>>> To: undertow-dev(a)lists.jboss.org
>>>>> Subject: [undertow-dev] certs
>>>>>
>>>>> I need to be able to client certs in the following manner:
>>>>>
>>>>> * Set the server to WANT client certs so that it is optional
>>>>> * Obtain certificate at the servlet layer so I can validate it
>>>>>   myself.
>>>>>
>>>>> Can Undertow do these yet? Just want to know so I can create the
>>>>> appropriate jiras.
>>>>>
>>>>> --
>>>>> Bill Burke
>>>>> JBoss, a division of Red Hat
>>>>> http://bill.burkecentral.com
>>>>> _______________________________________________
>>>>> undertow-dev mailing list
>>>>> undertow-dev(a)lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/undertow-dev
>>>>
>>>
>>
>
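
One way to do the servlet-layer validation discussed in this thread, as an added example that is not from the thread or from Undertow's code base: it reads the optional client chain from the standard `javax.servlet.request.X509Certificate` request attribute and validates it with PKIX against a per-realm trust store. The class name, the realm-to-trust-store map and the `realm` argument are assumptions, as is the TLS layer having admitted the certificate during the handshake.

```java
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;

/** Added example: per-realm validation of an optional client certificate. */
public final class RealmCertValidator {
    // Hypothetical mapping: realm name -> trust store holding that realm's CA certificates.
    private final Map<String, KeyStore> realmTrustStores;

    public RealmCertValidator(Map<String, KeyStore> realmTrustStores) {
        this.realmTrustStores = realmTrustStores;
    }

    /** Returns the validated leaf certificate, or null when the client sent none. */
    public X509Certificate validate(HttpServletRequest request, String realm)
            throws Exception {
        // With client auth set to WANT the attribute is simply absent when no cert was sent.
        X509Certificate[] chain = (X509Certificate[])
                request.getAttribute("javax.servlet.request.X509Certificate");
        if (chain == null || chain.length == 0) {
            return null; // caller decides whether an anonymous request is acceptable
        }
        KeyStore trustStore = realmTrustStores.get(realm);
        if (trustStore == null) {
            throw new CertificateException("No trust store configured for realm " + realm);
        }
        // Build a path from the presented chain (leaf first) and check it against
        // this realm's trust anchors only, not those of any other realm.
        CertPath path = CertificateFactory.getInstance("X.509")
                .generateCertPath(Arrays.asList(chain));
        PKIXParameters params = new PKIXParameters(trustStore);
        // Assumption: revocation checking is off only so the example needs no CRL or
        // OCSP source; enable it where such a source is configured.
        params.setRevocationEnabled(false);
        // Throws CertPathValidatorException on an untrusted, expired or malformed chain.
        CertPathValidator.getInstance("PKIX").validate(path, params);
        return chain[0];
    }
}
```

The check only sees chains the TLS handshake let through, so the server-side trust manager still determines which client certificates reach the servlet at all.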