[jboss-user] [JBoss Web Services] - Re: @WS with CLIENT-CERT throws Invalid HTTP server response [401] - Unauthorized on client side
Claudio Miranda
do-not-reply at jboss.com
Fri Mar 16 10:54:49 EDT 2012
Claudio Miranda [https://community.jboss.org/people/Claudio4J] created the discussion
"Re: @WS with CLIENT-CERT throws Invalid HTTP server response [401] - Unauthorized on client side"
To view the discussion, visit: https://community.jboss.org/message/724358#724358
--------------------------------------------------------------
> from the service side, confirm that there is a certificate that can be used by the service and that the trust store contains the issuing certificate authority
> for the certificate used by the client
The server keystore jaas-ms-ejb-ear.ear/jaas-ms-ejb-ws-1.0.0.jar/server_jbossws.jks
has 2 entries
PrivateKeyEntry: server_jbossws
trustedCertEntry: client_jbossws
The server truststore has 2 public keys: server_jbossws and client_jbossws
You can see it in detail in the original post.
> from the client side, confirm that there is a certificate that can be used by the client and that the trust store contains the issuing certificate authority for
> the certificate used by the service
The client keystore src/META-INF/client_jbossws.jks
has 2 entries
PrivateKeyEntry: client_jbossws
trustedCertEntry: server_jbossws
The client truststore has 2 public keys: server_jbossws and client_jbossws
You can see it in detail in the original post.
> from login-config.xml of jboss, what does UserCertPolicy look like?
The security-domain setting is in the file *jaas-ms-ejb-ear.ear/lib/jaas-ms-1.1.4.jar/META-INF/ms-auth-jboss-beans.xml*
Its contents are
> <deployment xmlns="urn:jboss:bean-deployer:2.0">
>
>   <application-policy name="UserCertPolicy" xmlns="urn:jboss:security-beans:1.0">
>     <authentication>
>       <login-module code="br.gov.saude.jaas.spi.UserCertLoginModule" flag="required"></login-module>
>     </authentication>
>   </application-policy>
> </deployment>
> And what does this class look like? what does it do? br.com.myapp.jaas.spi.SubjectMapper
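According to [1], I want to extract the username from the certificate to authenticate.
> import java.security.Principal;
> import java.security.cert.X509Certificate;
> import org.jboss.security.auth.certs.SubjectCNMapping;
>
> public class SubjectMapper extends SubjectCNMapping {
>
>     // "toPrinicipal" is spelled this way in the JBoss CertificatePrincipal interface.
>     // Delegates to SubjectCNMapping, which builds the principal from the subject CN.
>     public Principal toPrinicipal(X509Certificate[] arg0) {
>         Principal prinicipal = super.toPrinicipal(arg0);
>         return prinicipal;
>     }
> }
>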
Thank you for the help.
1. https://community.jboss.org/docs/DOC-13538#X509_certificate_token https://community.jboss.org/wiki/JBossWS-WS-SecurityOptions#X509_certificate_token
--------------------------------------------------------------