[jboss-jira] [JBoss JIRA] (WFCORE-2647) Add an option to always send the client SSL certificate to LDAP server

Peter Palaga (JIRA) issues at jboss.org
Mon Apr 10 07:10:00 EDT 2017


    [ https://issues.jboss.org/browse/WFCORE-2647?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13391361#comment-13391361 ] 

Peter Palaga edited comment on WFCORE-2647 at 4/10/17 7:09 AM:
---------------------------------------------------------------

[~dlofthouse] could you please approve the following choices or propose something better?

(1) The new management attribute will be called {{alwaysSendClientCert}} and its values will be
* {{false}}: default, the present behavior
* {{true}}: {{LdapConnectionManagerService.verifyIdentity(Config, String, String)}} will call {{getSSLContext(false)}}

(2) The new management attribute will hang on the ldap outbound-connection node

(3) The system property will be called {{jboss.as.management.outbound.ldap.alwaysSendClientCert}}




was (Author: ppalaga):
[~dlofthouse] could you please approve the following choices?

(1) The new management attribute will be called {{alwaysSendClientCert}} and its values will be
* {{false}}: default, the present behavior
* {{true}}: {{LdapConnectionManagerService.verifyIdentity(Config, String, String)}} will call {{getSSLContext(false)}}

(2) The new management attribute will hang on the ldap outbound-connection node

(3) The system property will be called {{jboss.as.management.outbound.ldap.alwaysSendClientCert}}



> Add an option to always send the client SSL certificate to LDAP server
> ----------------------------------------------------------------------
>
>                 Key: WFCORE-2647
>                 URL: https://issues.jboss.org/browse/WFCORE-2647
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Domain Management
>            Reporter: Peter Palaga
>            Assignee: Peter Palaga
>
> This is the component issue for https://issues.jboss.org/browse/JBEAP-4439 and https://bugzilla.redhat.com/show_bug.cgi?id=1327758
> The present code in {{LdapConnectionManagerService}} was designed so that the client cert is sent to authenticate the search account but during the username / password verification step, the client cert is not sent.
> The present objective is to add an option (that will default to the old behavior) to send the client password also during the username / password verification.
> This includes (citing [~dlofthouse]):
> * Implement management model based configuration and an implementation for the current version
> * Port back to older versions using a system property.
> * Forward port the system property to the current version for compatibility.



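The behavior described in the issue comes down to which SSLContext each LDAP connection is given: a context initialized with key managers can present a client certificate when the server requests one, a context without key material cannot. The Java sketch below is an added example, not WildFly code; the class and method names are hypothetical, and only the system property name is taken from item (3) of the comment.

```java
import java.security.KeyStore;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical sketch (not WildFly code): choose the SSLContext per LDAP connection.
public class LdapSslContexts {
    // System property name proposed in item (3) of the comment.
    static final String ALWAYS_SEND_PROP =
            "jboss.as.management.outbound.ldap.alwaysSendClientCert";

    private final SSLContext withClientCert; // has key managers: can present a client cert
    private final SSLContext trustOnly;      // no key material: never presents one

    LdapSslContexts(KeyStore keyStore, char[] keyPassword, KeyStore trustStore) throws Exception {
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyPassword);
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore); // null means the JVM's default trust store

        withClientCert = SSLContext.getInstance("TLS");
        withClientCert.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        trustOnly = SSLContext.getInstance("TLS");
        trustOnly.init(new KeyManager[0], tmf.getTrustManagers(), null);
    }

    // Connection that binds as the search account: client cert is sent (present behavior).
    SSLContext forSearchAccount() {
        return withClientCert;
    }

    // Connection that verifies the user's password: client cert only if the option is set.
    SSLContext forVerification(boolean alwaysSendClientCert) {
        return alwaysSendClientCert ? withClientCert : trustOnly;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // constructed empty key store; a real one holds the client key pair
        LdapSslContexts ctxs = new LdapSslContexts(ks, new char[0], null);

        boolean always = Boolean.getBoolean(ALWAYS_SEND_PROP); // false unless -D...=true
        boolean sameContext = ctxs.forVerification(always) == ctxs.forSearchAccount();
        System.out.println(ALWAYS_SEND_PROP + "=" + always
                + " -> verification connection uses the client-cert context: " + sameContext);
    }
}
```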