[ 
https://issues.apache.org/jira/browse/KNOX-1046?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16176796#comment-16176796
 ] 

Larry McCay commented on KNOX-1046:
-----------------------------------

Initial commit done here - still need some tests and to add the ability to 
check for client cert based on configuration. May do this initially within 
KnoxToken service for the Token Exchange use case.

> Add Client Cert Wanted Capability with Configurable Validation that Checks 
> for It
> ---------------------------------------------------------------------------------
>
>                 Key: KNOX-1046
>                 URL: https://issues.apache.org/jira/browse/KNOX-1046
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>            Reporter: Larry McCay
>            Assignee: Larry McCay
>             Fix For: 0.14.0
>
>
> While we do have support for requiring CLIENT_CERT it ends up requiring it 
> for all clients to all services across all topologies. We can add support for 
> WANTS client cert that will accept it from any client that provides it but 
> not require it.
> We can then add a custom validator for HeaderPreAuth and maybe to combine 
> with other federation providers to extend our trust model with authentication 
> of a trusted proxy/app.
> It will require a gateway-site.xml config element for 'wants' and a validator 
> to check for it where required while it does not gate requests for endpoints that 
> don't require it.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)