Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-1418

CLIENT_CERT without users certificates database

    XMLWordPrintable

Details

    • Feature Request
    • Resolution: Done
    • Major
    • 1.4.0.Final
    • 1.2.0.Beta7
    • HTTP
    • None

    Description

      CLIENT_CERT http-authentication-mechanism currently requires to provide security-realm, which will contain identity for given certificate and will verify X509Evidence for it. This does not provide replacement for legacy truststore auth, which allows to use only CA certificate to authenticate users by certificates signed by CA, without any database of them.

      As client cetificate is already checked by SSLContext, certificate verification in CLIENT-CERT HTTP mechanism should be made optional. (Need to be enabled by default for backward compatibility.)

      Analysis document:
      https://developer.jboss.org/wiki/AnalysisDesign-CLIENTCERTWithoutUsersCertificatesDatabase

      Attachments

        Issue Links

          is cloned by

          Feature Request - Feature requests from customers and/or users JBEAP-12417 CLIENT_CERT without users certificates database

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Feature Request - Feature requests from customers and/or users WFLY-10553 (doc) CLIENT_CERT without users certificates database

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is incorporated by

          Tracker - Issue tracking a bug fix or improvement in another component ELY-1421 Elytron 1.2 user impacting issues

          • Trivial - Cosmetic problem like misspelt words or misaligned text.
          • Resolved

          Activity

            People

              jkalina@redhat.com Jan Kalina (Inactive)
              jkalina@redhat.com Jan Kalina (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: