[undertow-dev] certs
Darran Lofthouse
darran.lofthouse at jboss.com
Thu Jun 27 11:04:03 EDT 2013
I will have another look, last time I looked into this however there did
seem to be a need for list of accepted issuers of certificates to be
returned from the X509TrustManager in use: -
X509Certificate[] getAcceptedIssuers()
Regards,
Darran Lofthouse.
On 27/06/13 14:10, Bill Burke wrote:
> Its an IDM SaaS, so different realms will have different security
> models. It should be possible from a NIO perspective, no? Last time I
> looked at that stuff it did seem possible.
>
> On 6/27/2013 5:47 AM, Darran Lofthouse wrote:
>> I will check for you but from last time I worked on this I am not sure
>> if that is possible - I think a valid trust store was still required
>> server side to verify the remote certificate - even if it was just a
>> trust store containing certificate authority certificates.
>>
>> Do your clients definitely not have a least a common certificate
>> authority signing their certificates?
>>
>> Regards,
>> Darran Lofthouse.
>>
>>
>> On 26/06/13 23:57, Bill Burke wrote:
>>> Sorry, I want to be able to validate the client cert within the
>>> application servlet.
>>>
>>> On 6/26/2013 6:56 PM, Bill Burke wrote:
>>>> I think you misunderstood me. Not looking for client-cert auth. I want
>>>> to be able to validate the client server within the application servlet.
>>>>
>>>> On 6/26/2013 6:50 PM, Tomaz Cerar wrote:
>>>>> It can do it already but config is going to change in future.
>>>>>
>>>>> Take a look at WebCERTTestsSecurityDomainSetup in testsuite on how to do it.
>>>>>
>>>>> Basicly you have to setup securityRealm with server ssl cert, then setup
>>>>> securtiy constraints for web app
>>>>>
>>>>> That test we have in testsuite also tests mapping client certs to users via
>>>>> CertificateRoles security module.
>>>>>
>>>>> --
>>>>> tomaz
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: undertow-dev-bounces at lists.jboss.org [mailto:undertow-dev-
>>>>>> bounces at lists.jboss.org] On Behalf Of Bill Burke
>>>>>> Sent: Thursday, June 27, 2013 12:11 AM
>>>>>> To: undertow-dev at lists.jboss.org
>>>>>> Subject: [undertow-dev] certs
>>>>>>
>>>>>> I need to be able to client certs in the following manner:
>>>>>>
>>>>>> * Set the server to WANT client certs so that it is optional
>>>>>> * Obtain certificate at the servlet layer so I can validate it myself.
>>>>>>
>>>>>> Can Undertow do these yet? Just want to know so I can create the
>>>>>> appropriate jiras.
>>>>>>
>>>>>> --
>>>>>> Bill Burke
>>>>>> JBoss, a division of Red Hat
>>>>>> http://bill.burkecentral.com
>>>>>> _______________________________________________
>>>>>> undertow-dev mailing list
>>>>>> undertow-dev at lists.jboss.org
>>>>>> https://lists.jboss.org/mailman/listinfo/undertow-dev
>>>>>
>>>>
>>>
>> _______________________________________________
>> undertow-dev mailing list
>> undertow-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/undertow-dev
>>
>
More information about the undertow-dev
mailing list