[jboss-jira] [JBoss JIRA] (WFLY-7662) CLIENT-CERT authentication doesn't work
Rostyslav Smirnov (JIRA)
issues at jboss.org
Wed Nov 30 16:51:01 EST 2016
[ https://issues.jboss.org/browse/WFLY-7662?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13331882#comment-13331882 ]
Rostyslav Smirnov commented on WFLY-7662:
-----------------------------------------
It is caused by HTTP/2 enablement in WildFly 10.1.0. The browser doesn't present a certificate when establishing the connection, so [ClientCertAuthenticationMechanism|https://github.com/undertow-io/undertow/blob/1.4.0.Final/core/src/main/java/io/undertow/security/impl/ClientCertAuthenticationMechanism.java#L125] renegotiates, triggering the browser to present the certificate dialog prompt. This doesn't happen in WildFly 10.1.0 due to [Http2SslSessionInfo|https://github.com/undertow-io/undertow/blob/1.4.0.Final/core/src/main/java/io/undertow/server/protocol/http2/Http2SslSessionInfo.java#L91] not supporting renegotiation.
> CLIENT-CERT authentication doesn't work
> ---------------------------------------
>
> Key: WFLY-7662
> URL: https://issues.jboss.org/browse/WFLY-7662
> Project: WildFly
> Issue Type: Bug
> Components: Web (Undertow)
> Affects Versions: 10.1.0.Final
> Environment: Java 1.8.0_112
> Reporter: Rostyslav Smirnov
> Assignee: Stuart Douglas
>
> When accessing a web application secured by CLIENT-CERT authentication, a browser no longer presents the certificate dialog prompt and always displays a 403 Forbidden response instead.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)