[jboss-jira] [JBoss JIRA] (ELY-646) Unable to setup CLIENT_CERT authentication with elytron.
Jan Kalina (JIRA)
issues at jboss.org
Thu Sep 29 18:08:00 EDT 2016
[ https://issues.jboss.org/browse/ELY-646?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13300627#comment-13300627 ]
Jan Kalina commented on ELY-646:
--------------------------------
Note: The pull request in the header is sufficient to fix the problem, but to have green subsystem tests, the following subsystem pull request is needed:
https://github.com/wildfly-security/elytron-subsystem/pull/240
(Changed exception, which is thrown when client-auth was not provided.)
> Unable to setup CLIENT_CERT authentication with elytron.
> --------------------------------------------------------
>
> Key: ELY-646
> URL: https://issues.jboss.org/browse/ELY-646
> Project: WildFly Elytron
> Issue Type: Bug
> Components: SSL
> Reporter: Martin Choma
> Assignee: Jan Kalina
> Priority: Blocker
>
> Following Zach's notes on [How to setup 2 way TLS|https://gitlab.cee.redhat.com/zrhoads/kbase/blob/master/eap71.elytron.2-way-https-apps.adoc] I am unable to set it up properly. The user is not asked by the browser to specify a client certificate and gets access to the application without a certificate.
> In the log there is:
> 1. Server sends request for certificate
> {code}
> 13:55:33,309 INFO [stdout] (default task-1) *** CertificateRequest
> 13:55:33,309 INFO [stdout] (default task-1) Cert Types: RSA, DSS, ECDSA
> 13:55:33,309 INFO [stdout] (default task-1) Cert Authorities:
> 13:55:33,310 INFO [stdout] (default task-1) <CN=client>
> {code}
> 2. And the client responds with an empty certificate chain, without asking for a certificate
> {code}
> 13:55:33,432 INFO [stdout] (default task-2) *** Certificate chain
> 13:55:33,432 INFO [stdout] (default task-2) <Empty>
> 13:55:33,432 INFO [stdout] (default task-2) ***
> {code}
> I am attaching:
> * server.log - server log with -Djavax.net.debug=all turned on.
> * 2wayTLS.pcap - wireshark recording of port 8443
> * secured-app - tested application
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
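
One way to scan a server.log captured with -Djavax.net.debug=all for the symptom reported in this issue, a CertificateRequest answered with an empty certificate chain. This is an added example, not part of the original message or of Elytron; the function name, the constructed sample lines and the non-interleaved-handshake assumption are illustrative.

```python
import re

# Real ANSI colour escapes, plus the caret form ("^[[0m") they take in pasted logs.
ANSI = re.compile(r"(?:\x1b|\^\[)\[[0-9;]*m")
# Server log prefix: time, level, [stdout], (thread), then the JSSE debug text.
LINE = re.compile(r"^(\d\d:\d\d:\d\d,\d+)\s+\w+\s+\[stdout\]\s+\(([^)]*)\)\s?(.*)$")

# Constructed sample: the first handshake mirrors the excerpts quoted in the
# report; the second (a client that does send a chain) is made up for contrast.
SAMPLE = """\
^[[0m^[[0m13:55:33,309 INFO [stdout] (default task-1) *** CertificateRequest
^[[0m^[[0m13:55:33,309 INFO [stdout] (default task-1) Cert Types: RSA, DSS, ECDSA
^[[0m^[[0m13:55:33,309 INFO [stdout] (default task-1) Cert Authorities:
^[[0m^[[0m13:55:33,310 INFO [stdout] (default task-1) <CN=client>
^[[0m^[[0m13:55:33,432 INFO [stdout] (default task-2) *** Certificate chain
^[[0m^[[0m13:55:33,432 INFO [stdout] (default task-2) <Empty>
^[[0m^[[0m13:55:33,432 INFO [stdout] (default task-2) ***
13:56:02,101 INFO [stdout] (default task-3) *** CertificateRequest
13:56:02,230 INFO [stdout] (default task-4) *** Certificate chain
13:56:02,230 INFO [stdout] (default task-4) chain [0] = [
"""


def find_empty_client_chains(log_text):
    """List handshakes where a CertificateRequest was answered with <Empty>.

    Assumes handshakes are not interleaved in the log: the first
    '*** Certificate chain' after a request is taken as the client's reply.
    """
    findings, requested_at, awaiting_body = [], None, False
    for raw in log_text.splitlines():
        m = LINE.match(ANSI.sub("", raw).strip())
        if not m:
            continue
        stamp, thread, text = m.group(1), m.group(2), m.group(3).strip()
        if text.startswith("*** CertificateRequest"):
            requested_at, awaiting_body = stamp, False
        elif text.startswith("*** Certificate chain") and requested_at:
            awaiting_body = True
        elif awaiting_body:
            # First line after the chain header: <Empty> means no client cert.
            if text == "<Empty>":
                findings.append({"requested": requested_at,
                                 "empty_chain": stamp, "thread": thread})
            requested_at, awaiting_body = None, False
    return findings
```

A finding on a connector that is meant to require client certificates means the handshake carried on without one, which is the behaviour this issue reports.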