From: Jérôme Revillard
To: Daniel Kulp
CC: users@cxf.apache.org, coheigea@apache.org
Subject: Re: User credential delegation
Date: Thu, 07 Apr 2011 20:47:40 +0200
Message-ID: <4D9E06CC.1040804@maatg.com>
In-Reply-To: <201104071315.26425.dkulp@apache.org>

Hi Dan,

On 07/04/2011 19:15, Daniel Kulp wrote:
> You "likely can", but it will likely require a bit of work and I really don't
> know enough about how the Globus stuff did it to make suggestions.
>
> Most likely with WS-SecConv, the first request would include the client certs
> that would be required for the authentication. The conversation token would
> be generated and returned to the client and used from there. NORMALLY, we
> just discard the certs and such from the first request as it's not needed
> anymore. However, you could write an interceptor that would record that
> information for use later. Subsequent requests could grab that information
> associated with the conversation token and use that for auth decisions and
> such.

When you said that the first request would include the client certs, do you mean that it will include the public and the private certificate of the client or only the public certificate chain? If I can access the private one then that's indeed what I need.

Concerning the interceptor, at which "phase" should I put it and do you know in which request message key I could expect to find the private key?

Thanks a lot for your help,

Best,
Jerome

--
Dr Jérôme Revillard
CTO MAAT France
www.maatg.com