Claudio Miranda [https://community.jboss.org/people/Claudio4J] created the discussion

"Re: @WS with CLIENT-CERT throws Invalid HTTP server response [401] - Unauthorized on client side"

To view the discussion, visit: https://community.jboss.org/message/724358#724358

--------------------------------------------------------------

> from the service side, confirm that there is a certificate that can be used
> by the service and that the trust store contains the issuing certificate
> authority for the certificate used by the client

The server keystore jaas-ms-ejb-ear.ear/jaas-ms-ejb-ws-1.0.0.jar/server_jbossws.jks has 2 entries

PrivateKeyEntry: server_jbossws
trustedCertEntry: client_jbossws

The server truststore has 2 public keys: server_jbossws and client_jbossws
You can see it in detail in the original post.

> from the client side, confirm that there is a certificate that can be used
> by the client and that the trust store contains the issuing certificate
> authority for the certificate used by the service

The client keystore src/META-INF/client_jbossws.jks has 2 entries

PrivateKeyEntry: client_jbossws
trustedCertEntry: server_jbossws

The client truststore has 2 public keys: server_jbossws and client_jbossws
You can see it in detail in the original post.

> from login-config.xml of jboss, what does UserCertPolicy look like?

The security-domain setting is in the file *jaas-ms-ejb-ear.ear/lib/jaas-ms-1.1.4.jar/META-INF/ms-auth-jboss-beans.xml*
Its contents are

> <deployment xmlns="urn:jboss:bean-deployer:2.0">
>
>     <application-policy name="UserCertPolicy"
>                         xmlns="urn:jboss:security-beans:1.0">
>         <authentication>
>             <login-module code="br.gov.saude.jaas.spi.UserCertLoginModule"
>                           flag="required"></login-module>
>         </authentication>
>     </application-policy>
> </deployment>

> And what does this class look like? what does it do?
> br.com.myapp.jaas.spi.SubjectMapper

According to [1], I want to extract the username from the certificate to authenticate.

> import java.security.Principal;
> import java.security.cert.X509Certificate;
> import org.jboss.security.auth.certs.SubjectCNMapping;
>
> public class SubjectMapper extends SubjectCNMapping {
>
>     // Delegates to SubjectCNMapping, which builds the principal from the certificate subject's CN
>     public Principal toPrinicipal(X509Certificate[] arg0) {
>         Principal prinicipal = super.toPrinicipal(arg0);
>         return prinicipal;
>     }
> }

Thank you for the help.

[1] https://community.jboss.org/docs/DOC-13538#X509_certificate_token
    https://community.jboss.org/wiki/JBossWS-WS-SecurityOptions#X509_certificate_token
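The keystore/truststore pairing discussed in the message above can be checked mechanically. The following is an added example, not code from the original post or from JBoss: the class name MutualTlsStoreCheck and its four command-line arguments are assumptions, and it tests only the leaf certificate of each PrivateKeyEntry against the entries of the other side's truststore.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Hypothetical helper (not JBoss code): for every private-key entry in one
// side's JKS keystore, report whether the peer's truststore would accept it.
public class MutualTlsStoreCheck {

    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Trusted if the exact certificate is stored, or if a stored entry signed it.
    static boolean isTrusted(X509Certificate cert, KeyStore trust) throws Exception {
        if (trust.getCertificateAlias(cert) != null) return true;
        for (String alias : Collections.list(trust.aliases())) {
            Certificate issuer = trust.getCertificate(alias);
            if (issuer == null) continue;
            try {
                cert.verify(issuer.getPublicKey());
                return true;
            } catch (GeneralSecurityException e) {
                // Not signed by this entry; try the next one.
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        // args: <keystore> <keystore password> <peer truststore> <truststore password>
        KeyStore keys = load(args[0], args[1].toCharArray());
        KeyStore trust = load(args[2], args[3].toCharArray());
        for (String alias : Collections.list(keys.aliases())) {
            if (!keys.isKeyEntry(alias)) continue; // skip trustedCertEntry aliases
            Certificate c = keys.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate leaf = (X509Certificate) c;
            boolean validNow = true;
            try { leaf.checkValidity(); } catch (GeneralSecurityException e) { validNow = false; }
            System.out.printf("%s subject=%s validNow=%b trustedByPeer=%b%n", alias,
                    leaf.getSubjectX500Principal().getName(), validNow, isTrusted(leaf, trust));
        }
    }
}
```

Run it once with the client keystore against the server truststore and once the other way round; a `trustedByPeer=false` or `validNow=false` line points at a store problem rather than at the login module.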
