Loading...

XML

Word

Printable

Details

Type: Feature Request
Resolution: Done
Priority: Major
Fix Version/s: JBossAS-4.0.2 Final, JBossAS-5.0.0.Beta1
Affects Version/s: JBossAS-3.2.7 Final, JBossAS-4.0.1 Final
Component/s: Security
Labels:
None

Hierarchy Progress:
0
Hierarchy Progress Bar:

0% 0%

SFDC Cases Links:
SFDC Cases Counter:

Description

It may be desirable to have client-cert authentication without requiring the client cert be available to the server. This is a weakened form of client-cert authentication that requires the client supply a client cert, but the only requirement is that its signed by a trusted CA. The client cert itself does not need to be verified. This may make sense if you are the CA signing the client cert.

Currently the JaasSecurityDomain and cert based login modules require a client cert in the associated JaasSecurityDomain keystore.

Attachments

Activity

People

Assignee:: Scott Stark (Inactive)

Reporter:: Scott Stark (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 2005/02/12 11:56 AM

Updated:: 2007/01/10 11:59 AM

Resolved:: 2005/04/26 1:49 AM