> On May 3, 2015, at 5:14 AM, Oleksandr Bodriagov (Polystar) > <[email protected]> wrote: > > > I wonder if there is any way for Fortress to work with clients that have > certificates instead of passwords. I am interested in operations like > checkAccess and rbacPerms.
Currently a client of fortress may validate a certificate (outside of fortress), extract the identity, and call createSession with isTrusted set to true. This allows the rbac session to be returned to the client without the need to validate a password. As a future enhancement I would support an enhancement request where fortress accepts the certificate from the client, performs the certificate validation, within the createSession API. Patches welcome. :-) Shawn [email protected]
