[jboss-jira] [JBoss JIRA] (ELY-1418) CLIENT_CERT without users certificates database
Martin Choma (JIRA)
issues at jboss.org
Thu Mar 15 10:30:00 EDT 2018
[ https://issues.jboss.org/browse/ELY-1418?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13546502#comment-13546502 ]
Martin Choma commented on ELY-1418:
-----------------------------------
[~bilge][~fjuma] [~bmaxwell] Can we discuss possibility of creating RFE for this.
Customers migrating from legacy security solution are missing this feature. Although they can write custom realm, I think it would be more convenient if Elytron provide support for this out of the box.
> CLIENT_CERT without users certificates database
> -----------------------------------------------
>
> Key: ELY-1418
> URL: https://issues.jboss.org/browse/ELY-1418
> Project: WildFly Elytron
> Issue Type: Feature Request
> Components: HTTP
> Affects Versions: 1.2.0.Beta7
> Reporter: Jan Kalina
> Assignee: Jan Kalina
>
> CLIENT_CERT http-authentication-mechanism currently requires to provide security-realm, which will contain identity for given certificate and will verify X509Evidence for it. This does not provide replacement for legacy truststore auth, which allows to use only CA certificate to authenticate users by certificates signed by CA, without any database of them.
> Analysis document:
> https://developer.jboss.org/wiki/AnalysisDesign-CLIENTCERTWithoutUsersCertificatesDatabase
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
More information about the jboss-jira
mailing list