[jboss-jira] [JBoss JIRA] (ELY-1600) CLIENT_CERT without users certificates database

Jan Kalina (JIRA) issues at jboss.org
Tue Jun 12 07:08:00 EDT 2018


Jan Kalina created ELY-1600:
-------------------------------

             Summary: CLIENT_CERT without users certificates database
                 Key: ELY-1600
                 URL: https://issues.jboss.org/browse/ELY-1600
             Project: WildFly Elytron
          Issue Type: Feature Request
          Components: HTTP
    Affects Versions: 1.2.0.Beta7
            Reporter: Jan Kalina
            Assignee: Jan Kalina


The CLIENT_CERT http-authentication-mechanism currently requires a security-realm to be provided, which will contain an identity for the given certificate and will verify X509Evidence for it. This does not provide a replacement for legacy truststore auth, which allows using only a CA certificate to authenticate users by certificates signed by the CA, without any database of them.

As the client certificate is already checked by SSLContext, certificate verification in the CLIENT-CERT HTTP mechanism should be made optional. (It needs to be enabled by default for backward compatibility.)

Analysis document:
https://developer.jboss.org/wiki/AnalysisDesign-CLIENTCERTWithoutUsersCertificatesDatabase



