[jboss-jira] [JBoss JIRA] (WFLY-7218) Unable to setup CLIENT_CERT authentication with elytron.

Martin Choma (JIRA) issues at jboss.org
Mon Sep 26 08:45:03 EDT 2016


     [ https://issues.jboss.org/browse/WFLY-7218?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Martin Choma moved JBEAP-6206 to WFLY-7218:
-------------------------------------------

              Project: WildFly  (was: JBoss Enterprise Application Platform)
                  Key: WFLY-7218  (was: JBEAP-6206)
             Workflow: GIT Pull Request workflow   (was: CDW with loose statuses v1)
          Component/s: Security
                           (was: Security)
    Affects Version/s: 11.0.0.Alpha1
                           (was: 7.1.0.DR5)


> Unable to setup CLIENT_CERT authentication with elytron.
> --------------------------------------------------------
>
>                 Key: WFLY-7218
>                 URL: https://issues.jboss.org/browse/WFLY-7218
>             Project: WildFly
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 11.0.0.Alpha1
>            Reporter: Martin Choma
>            Assignee: Darran Lofthouse
>            Priority: Blocker
>
> Following Zach's notes on [How to setup 2 way TLS|https://gitlab.cee.redhat.com/zrhoads/kbase/blob/master/eap71.elytron.2-way-https-apps.adoc] I am unable to set it up properly. The user is not asked by the browser to specify a client certificate and gets access to the application without a certificate.
> In the log there is:
> 1. The server sends a request for a certificate
> {code}
> 13:55:33,309 INFO  [stdout] (default task-1) *** CertificateRequest
> 13:55:33,309 INFO  [stdout] (default task-1) Cert Types: RSA, DSS, ECDSA
> 13:55:33,309 INFO  [stdout] (default task-1) Cert Authorities:
> 13:55:33,310 INFO  [stdout] (default task-1) <CN=client>
> {code}
> 2. And the client responds with an empty certificate chain, without asking for a certificate
> {code}
> 13:55:33,432 INFO  [stdout] (default task-2) *** Certificate chain
> 13:55:33,432 INFO  [stdout] (default task-2) <Empty>
> 13:55:33,432 INFO  [stdout] (default task-2) ***
> {code}
> I am attaching:
> * server.log - server log with -Djavax.net.debug=all turned on.
> * 2wayTLS.pcap - Wireshark recording of port 8443
> * secured-app - tested application 



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
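
As an added example (not part of the original report and not WildFly code), the Python sketch below pairs each `*** CertificateRequest` in `-Djavax.net.debug=all` output with the `*** Certificate chain` that follows it, and reports the advertised authorities and whether the client's chain was empty. The function name and the sample lines are constructed from the excerpts above; it assumes a single handshake whose log lines are not interleaved with another connection's.

```python
import re

# Constructed sample, in the format of the excerpts quoted in the report.
SAMPLE_LOG = """\
13:55:33,309 INFO  [stdout] (default task-1) *** CertificateRequest
13:55:33,309 INFO  [stdout] (default task-1) Cert Types: RSA, DSS, ECDSA
13:55:33,309 INFO  [stdout] (default task-1) Cert Authorities:
13:55:33,310 INFO  [stdout] (default task-1) <CN=client>
13:55:33,432 INFO  [stdout] (default task-2) *** Certificate chain
13:55:33,432 INFO  [stdout] (default task-2) <Empty>
13:55:33,432 INFO  [stdout] (default task-2) ***
"""

# Colour codes: a real ESC byte or its literal "^[" rendering in a pasted log.
ANSI = re.compile(r"(?:\x1b|\^\[)\[[0-9;]*m")
# "<time> <level>  [stdout] (<thread>) " prefix added by the server logger.
PREFIX = re.compile(r"^\S+\s+\w+\s+\[stdout\]\s+\([^)]*\)\s?")

def summarize_client_auth(log_text):
    """Return one dict per CertificateRequest: what was asked, what came back."""
    results, current, state = [], None, None
    for raw in log_text.splitlines():
        line = PREFIX.sub("", ANSI.sub("", raw)).strip()
        if line == "*** CertificateRequest":
            current = {"cert_types": [], "authorities": [], "client_chain": "not seen"}
            results.append(current)
            state = "request"
        elif current is None:
            continue  # ignore everything before the first request
        elif line.startswith("Cert Types:"):
            current["cert_types"] = [t.strip() for t in line.split(":", 1)[1].split(",")]
        elif line == "Cert Authorities:":
            state = "authorities"
        elif line == "*** Certificate chain":
            state = "chain"
        elif state == "authorities" and line.startswith("<") and line.endswith(">"):
            if line != "<Empty>":
                current["authorities"].append(line[1:-1])
        elif state == "chain":
            # First line after the header tells us whether any certificate was sent.
            current["client_chain"] = "empty" if line == "<Empty>" else "present"
            state = None
        elif line.startswith("***"):
            state = None  # some other handshake message started
    return results

if __name__ == "__main__":
    for entry in summarize_client_auth(SAMPLE_LOG):
        print(entry)
```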