karaf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christian Schneider <ch...@die-schneider.net>
Subject Support certificate based authentication for karaf JAAS
Date Thu, 10 Jul 2014 14:52:32 GMT
We have the following issue in CXF:
https://issues.apache.org/jira/browse/CXF-5118

What we want to achieve is to let a user authenticate against a 
webservice running in karaf using a client certificate.

We would like to leverage the karaf JAAS support to do the mapping from 
certificate to user and to lookup the roles.
I have described some ideas how to do this in the issue above.

Some would require to change the LDAPLoginModule to support a mode to 
just retrieve the groups and not do actual authentication (configurable).
Which could be an issue if someone uses it as a user/password login 
module and configures it incorrectly.

The other solutions have other issues.

So what solution would you choose?
Or should we alternatively keep this complete code out of karaf?

Christian

-- 
Christian Schneider
http://www.liquid-reality.de

Open Source Architect
http://www.talend.com


Mime
View raw message