[
https://issues.apache.org/jira/browse/KNOX-1046?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16176791#comment-16176791
]
ASF subversion and git services commented on KNOX-1046:
-------------------------------------------------------
Commit 5432c872271e42d1ba8981e5f5de2059d5509ba2 in knox's branch
refs/heads/master from [~lmccay]
[ https://git-wip-us.apache.org/repos/asf?p=knox.git;h=5432c87 ]
KNOX-1046 - Add Client Cert Wanted Capability with Configurable Validation that
Checks for It
> Add Client Cert Wanted Capability with Configurable Validation that Checks
> for It
> ---------------------------------------------------------------------------------
>
> Key: KNOX-1046
> URL: https://issues.apache.org/jira/browse/KNOX-1046
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Reporter: Larry McCay
> Assignee: Larry McCay
> Fix For: 0.14.0
>
>
> While we do have support for requiring CLIENT_CERT it ends up requiring it
> for all clients to all services across all topologies. We can add support for
> WANTS client cert that will accept it from any client that provides it but
> not require it.
> We can then add a custom validator for HeaderPreAuth and maybe to combine
> with other federation providers to extend our trust model with authentication
> of a trusted proxy/app.
> It will require a gateway-site.xml config element for 'wants' and a validator
> to check for it where required while it not gate requests for endpoints that
> don't require it.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
