On Thu, Sep 26, 2019 at 3:56 PM Piraveena Paralogarajah <[email protected]> wrote:
> Hi Gayan,
>
> Once the load balancer passes the certificate in the header to the server,
> the Tomcat valve will read that and set it as a request attribute. You can
> find the code related to this here [1].
>
> [1]
> https://github.com/wso2-extensions/identity-x509-commons/blob/master/components/valve/src/main/java/org/wso2/carbon/extension/identity/x509Certificate/valve/X509CertificateAuthenticationValve.java#L44
>
> Thank you :)
>
> Thanks,
> Piraveena
> *Piraveena Paralogarajah*
> Software Engineer | WSO2 Inc.
> *(m)* +94776099594 | *(e)* [email protected]
>
> On Thu, Sep 26, 2019 at 7:44 PM gayan gunawardana <[email protected]>
> wrote:
>
>> Hi Piraveena,
>>
>> Thanks for the detailed response.
>> However, I am referring to APIM synapse endpoints and API authentication
>> handlers. Having the x509 authenticator is great; probably I will extract the
>> x509 authenticator code for a custom API authentication handler.
>>
>> Thanks,
>> Gayan
>>
>> On Thu, Sep 26, 2019 at 7:52 AM Piraveena Paralogarajah <
>> [email protected]> wrote:
>>
>>> Hi Gayan,
>>>
>>> During SSL termination, the load balancer will drop the client's
>>> certificate. From the load balancer, you can send the client's
>>> certificate as an HTTP header. The x509 authenticator in IS already supports
>>> SSL termination. You can check the blog [1] and the doc [2] for the configs.
>>>
>>> [1]
>>> https://medium.com/@piraveenaparalogarajah/configuring-x509-authenticator-in-wso2-identity-server-using-ssl-termination-with-nginx-1c21c6e5f27a
>>> [2]
>>> https://docs.wso2.com/display/ISCONNECTORS/Configuring+X509+Authenticator+with+SSL+Termination
>>>
>>> Thanks,
>>> Piraveena
>>> *Piraveena Paralogarajah*
>>> Software Engineer | WSO2 Inc.
>>> *(m)* +94776099594 | *(e)* [email protected]
>>>
>>> On Wed, Sep 25, 2019 at 11:47 AM gayan gunawardana <
>>> [email protected]> wrote:
>>>
>>>> On Wed, Sep 25, 2019 at 6:49 AM Asela Pathberiya <[email protected]>
>>>> wrote:
>>>>
>>>>> On Wed, Sep 25, 2019 at 10:47 AM gayan gunawardana <
>>>>> [email protected]> wrote:
>>>>>
>>>>>> Hi APIM team,
>>>>>>
>>>>>> Is there any recommended deployment pattern to implement [1] if SSL
>>>>>> termination happens from the load balancer?
>>>>>>
>>>>>
>>>>> One option is sending the client certificate's data using an HTTP
>>>>> header. Also it can be done at the SSL termination point as it has access
>>>>> to the client certificate.
>>>>>
>>>>> I assume that we have implemented such a sample handler to GW.
>>>>>
>>>> Thanks a lot for the quick reply.
>>>> I suppose sending the client certificate's data using an HTTP header is
>>>> much more convenient.
>>>> Having it on the SSL termination point is also a good option, but the
>>>> problem is, when we have multiple APIs with multiple certificates, how to
>>>> maintain the API to certificate mapping in the SSL termination point.
>>>>
>>>>>
>>>>> Thanks,
>>>>> Asela.
>>>>>
>>>>>>
>>>>>> [1] https://docs.wso2.com/display/AM260/Securing+APIs+with+Mutual+SSL
>>>>>>
>>>>>> --
>>>>>> Gayan
>>>>>> _______________________________________________
>>>>>> Architecture mailing list
>>>>>> [email protected]
>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>>
>>>>>
>>>>> --
>>>>> Thanks & Regards,
>>>>> Asela
>>>>>
>>>>> Mobile : +94 777 625 933
>>>>>
>>>>> http://soasecurity.org/
>>>>> http://xacmlinfo.org/
>>>>
>>>> --
>>>> Gayan
>>>
>>
>> --
>> Gayan
>
--
Gayan
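
The header-forwarding pattern discussed in this thread, as an added example that is not from any of the posters or from WSO2 code: a backend-side check that accepts a forwarded certificate only from the load balancer and keeps the API to certificate mapping as pinned SHA-256 fingerprints. The header encoding (URL-encoded PEM), the load balancer address and the API contexts are assumptions, and the sample bytes are constructed rather than a real certificate.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.security.MessageDigest;
import java.util.*;
// Added example, not WSO2 code: header encoding, LB address and API contexts are assumptions.
public class ForwardedCertCheck {
    static final Set<String> TRUSTED_LB = Collections.singleton("10.0.0.5"); // assumed LB address
    static final Map<String, Set<String>> API_PINS = new HashMap<>();        // API context -> SHA-256 pins

    static String sha256Hex(byte[] der) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(der)) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // Returns the DER bytes carried in the header, or null when the header must not be trusted.
    static byte[] forwardedDer(String peerIp, List<String> values) throws Exception {
        if (!TRUSTED_LB.contains(peerIp)) return null;          // only the TLS terminator may assert a cert
        if (values == null || values.size() != 1) return null;  // absent or duplicated header
        try {
            // URLDecoder turns '+' into a space, which would corrupt base64, so protect it first.
            String pem = URLDecoder.decode(values.get(0).replace("+", "%2B"), "UTF-8");
            String b64 = pem.replace("-----BEGIN CERTIFICATE-----", "")
                            .replace("-----END CERTIFICATE-----", "").replaceAll("\\s", "");
            return b64.isEmpty() ? null : Base64.getDecoder().decode(b64);
        } catch (IllegalArgumentException e) {
            return null;                                         // malformed percent-encoding or base64
        }
    }

    static boolean allowed(String apiContext, String peerIp, List<String> values) throws Exception {
        byte[] der = forwardedDer(peerIp, values);
        Set<String> pins = API_PINS.get(apiContext);
        return der != null && pins != null && pins.contains(sha256Hex(der));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: placeholder bytes standing in for a DER certificate.
        byte[] der = "constructed-sample-not-a-real-certificate".getBytes("UTF-8");
        String pem = "-----BEGIN CERTIFICATE-----\n" + Base64.getEncoder().encodeToString(der)
                   + "\n-----END CERTIFICATE-----\n";
        // Percent-encode the PEM the way a proxy would (space as %20, not '+').
        List<String> hdr = Collections.singletonList(URLEncoder.encode(pem, "UTF-8").replace("+", "%20"));
        API_PINS.put("/orders/v1", Collections.singleton(sha256Hex(der)));
        System.out.println(allowed("/orders/v1", "10.0.0.5", hdr));     // trusted LB, pinned API
        System.out.println(allowed("/orders/v1", "203.0.113.9", hdr));  // peer is not the load balancer
        System.out.println(allowed("/billing/v1", "10.0.0.5", hdr));    // no pin registered for this API
        System.out.println(allowed("/orders/v1", "10.0.0.5", Arrays.asList(hdr.get(0), hdr.get(0))));
    }
}
```

A production handler would additionally parse the decoded bytes as X.509 and check validity dates, and the load balancer should overwrite any client-supplied copy of the header before forwarding.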
