cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jérôme Revillard <>
Subject Re: User credential delegation
Date Thu, 07 Apr 2011 18:47:40 GMT
Hi Dan,

Le 07/04/2011 19:15, Daniel Kulp a écrit :
> You "likely can", but it will likely require a bit of work and I really don't 
> know enough about how the Globus stuff did it to make suggestions.
> Most likely with WS-SecConv, the first request would include the client certs 
> that would be required for the authentication.  The conversation token would 
> be generated and returned to the client and used from there.   NORMALLY, we 
> just discard the certs and such from the first request as it's not needed 
> anymore.   However, you could write an intereceptor that would record that 
> information for use later.   Subsequent requests could grab that infromation 
> associated with the conversation token and use that for auth decisions and 
> such.

When you said that the first request would include the client certs, do
you mean that it will include the public and the private certificate of
the client or only the public certificate chain? If I can access the
private one then that's indeed what I need.

Concerning the interceptor, at which "phase" should I put it and do you
know in which request message key I could expect to find the private key?

Thanks a lot for your help,

Dr Jérôme Revillard

View raw message