Hi all,

I have another requirement in my project (a tough one). Instead of using username/password, I want to use only a certificate for both authentication and authorization.

I see two approaches:

1. As JMS allows only (username, password) in createConnection(), I can export the certificate to a String, supply it as the username, and develop a custom JAAS login module that would convert the username String back to the certificate and authenticate (against an LDAP directory). However, I don't like this approach.

2. As I am going to use SSL anyway, I would like to use SSL client authentication as the basis for AMQ authentication. As far as I understand JSSE, certificates are checked against a keystore, so I can develop a custom keystore implementation that checks certificates against an LDAP directory. However, I do not know how to make AMQ aware of this process, i.e. how to bind the Subject with the SSL connection so that AMQ can use this information for authorization. SSL client authentication is invisible to AMQ, as I understand it.

Concentrating on approach (2.), I can obtain certificates from the SSL session, but how do I obtain the SSL session from AMQ? Is it Connection, Transport or another entity? Would it be convenient in the current AMQ architecture to do what I propose?

I would appreciate a hint from somebody with deeper knowledge of AMQ and JSSE.

Thanks and regards,
NGC
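
Added example, not part of the original post and not ActiveMQ code: with plain JSSE, the client chain verified during the handshake can be read from the socket's SSLSession and wrapped in a JAAS Subject, which is the binding approach (2.) asks about. The class name, the port and the use of the JVM default key/trust stores are assumptions; how ActiveMQ exposes its socket or session is not shown here.

```java
import java.security.Principal;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.security.auth.Subject;

// Hypothetical class name; illustrates JSSE only, not any ActiveMQ API.
public class CertSubjectExample {

    /** Build a read-only JAAS Subject from the client chain of a completed handshake. */
    static Subject subjectFrom(SSLSession session) throws SSLPeerUnverifiedException {
        // Throws SSLPeerUnverifiedException when the client presented no certificate.
        // The chain was already accepted by the configured TrustManager at this point.
        Certificate[] chain = session.getPeerCertificates();
        if (chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
            throw new SSLPeerUnverifiedException("no X.509 client certificate");
        }
        X509Certificate leaf = (X509Certificate) chain[0]; // client's own certificate
        Subject subject = new Subject();
        subject.getPrincipals().add(leaf.getSubjectX500Principal()); // identity for authorization
        subject.getPublicCredentials().add(leaf);                    // keep the certificate itself
        subject.setReadOnly();
        return subject;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: key/trust stores come from the javax.net.ssl.* system properties.
        SSLServerSocketFactory factory =
                (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        // Port 61617 is a constructed value for this example.
        try (SSLServerSocket server = (SSLServerSocket) factory.createServerSocket(61617)) {
            server.setNeedClientAuth(true); // handshake fails without a trusted client cert
            try (SSLSocket socket = (SSLSocket) server.accept()) {
                socket.startHandshake();
                Subject subject = subjectFrom(socket.getSession());
                for (Principal p : subject.getPrincipals()) {
                    System.out.println("authenticated as " + p.getName());
                }
            }
        }
    }
}
```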
