Madhavan Kidambi created RAMPART-412:
----------------------------------------
Summary: SSL mutual Authentication failed when Require SSL policy
configured with the Client Certificate Required as true.
Key: RAMPART-412
URL: https://issues.apache.org/jira/browse/RAMPART-412
Project: Rampart
Issue Type: Question
Components: rampart-policy
Affects Versions: 1.6.2
Reporter: Madhavan Kidambi
Hi,
When we configure a service with Require HTTPS and Client certificate required
RamartUtil of version 1.6 does the following check at under validateTransport(
Line 1835)
if (((HttpsToken) rpd.getTransportToken()).isRequireClientCertificate()) {
MessageContext messageContext = rmd.getMsgContext();
HttpServletRequest request = ((HttpServletRequest)
messageContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST));
if (request == null ||
request.getAttribute("javax.servlet.request.X509Certificate") == null) {
throw new RampartException("clientAuthRequired");
}
}
Our question is now
1. How to validate Non-servlet requests i.e
HTTPConstants.MC_HTTP_SERVLETREQUEST is not set.
Since because of this the policy valdiation always fails even before the valid
Client certificate validation happens.
2. Can we know the reason for adding such a validation
--
This message was sent by Atlassian JIRA
(v6.2#6252)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
