Uploaded image for project: 'JBoss A-MQ'
  1. JBoss A-MQ
  2. ENTMQ-1154

Authentication based on SSL certificate fails for secure WebSockets transport wss://

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • JBoss A-MQ 6.3
    • JBoss A-MQ 6.2
    • broker, stomp
    • None

    Description

      If the broker is configured for secure Web Sockets| <transportConnectorname="wss"uri="wss://0.0.0.0:61618?transport.needClientAuth=true"/>|

      and also uses either of the two JAAS plugins| <plugins>|

      <jaasCertificateAuthenticationPluginconfiguration="..."/>
      <jaasDualAuthenticationPluginconfiguration="..."sslConfiguration="..."/>
      </plugins>

      Then authentication will*always*fail based on the client's SSL certificate.
      Depending on the JAAS plugin used, authentication either fails with| java.lang.SecurityException: Unable to authenticate transport without SSL certificate.|

      in case of using <jaasCertificateAuthenticationPlugin> or| User name [null] or password is invalid.|

      in case of using <jaasDualAuthenticationPlugin>

      Attachments

        Issue Links

          is related to

          Bug - A problem that impairs or prevents the functions of the product. ENTMQ-2088 certificate-based authentication always fails for nio+ssl protocol

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          duplicates

          AMQ-6029 Loading...

          Activity

            People

              dejanbosanac Dejan Bosanac
              rhn-support-tmielke Torsten Mielke
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: