Thank you!
I could solve part of my problem with your information. This is what I did:

I want to connect the "provider" role (servicemix-http) to an external Web
Service through HTTPS.
The first step is to create the keystore and import the certificate into it:

    keytool -genkey -alias mycert

This creates a .keystore in the user's home dir

    keytool -import -keystore trustedCert -file Server.cer

This creates a trustedCert file in the same directory
I downloaded the Server.cer with Internet Explorer (X.509 base 64 (.CER)).

    keytool -list -keystore trustedCert

This shows information about the keystore; it must show "trustedCertEntry".

Then copy the trustedCert file to the $SERVICEMIX_HOME/conf directory, and in
the xbean.xml I configured the path to this file.

I received an error: "HTTPS hostname wrong". This is because the server URL
isn't equal to the CN. You must change the URL or implement
HostnameVerifier. I added an entry in my hosts file, because I can't change
the URL address.

But now I want authenticated access to external Web Services, and I
think that it isn't implemented (is that right?).
I tested this in the provider:

   <http:basicAuthentication>
         <http:basicAuthCredentials username="user" password="pass" />
   </http:basicAuthentication>

But this does not work!

Thanks!


wizard wrote:
> 
> We create our keys using:
> 
> 1) keytool -genkey -keysize 512 -keyalg RSA -alias mycert -dname
> "myDistinguishedName" -validity 999
> 
> This creates a .keystore in your home dir. Then:
> 
> 2) keytool -export -alias mycert -file mypub.cer
> 
> Exports the public key from the created certificate. Then we import this
> public key in the remote cacerts (client)
> 
> 3) keytool -import -keystore "myKeystoreFile" -storepass "myPassword"
> -alias mycert -file "theCreated.cerFile"
> 
> Note that conf/serverkey.jks in xbean.xml contains the private key we just
> created in step 1
> 
> This procedure authenticates the servicemix server in the client.
> If the remote client is to be authenticated in servicemix, the servicemix
> cacerts should contain the client's public key (or all keys from its
> certification path) too. 
> 
> 
> 
> jlbarrera wrote:
>> 
>> Thank you very much
>> You are using SSL in the consumer role, but I need to do it in the
>> provider role. I know that the syntax is the same for both roles, but I
>> think the way of creating the keystore must be different, because I
>> received an error:
>> 
>> unable to find valid certification path to requested target
>> 
>> I think that I don't create the keystore in the correct way.
>> 
>> Regards!
>> 
>> 
>> wizard wrote:
>>> 
>>> This is our xbean.xml:
>>> 
>>> <?xml version="1.0" encoding="UTF-8"?>
>>> <beans xmlns:http="http://servicemix.apache.org/http/1.0"
>>> xmlns:sa="http://sa"
>>> xmlns:sahs="http://sa/hs">
>>> 
>>>     <classpath>
>>>             <location>.</location> 
>>>     </classpath>
>>>     
>>>     <http:endpoint service="sahs:hs" 
>>>                     endpoint="porths" 
>>>                     role="consumer"
>>>                     locationURI="https://0.0.0.0:8192/Service/"
>>>                     defaultMep="http://www.w3.org/2004/08/wsdl/in-out"
>>>                     targetEndpoint="portseh"
>>>                     targetService="sa:sajbiseHTTP">
>>>     
>>>                     <http:ssl>
>>>                             <http:sslParameters 
>>> keyStore="conf/serverkey.jks"
>>>                         keyStorePassword="my_keystore_password"
>>>                         needClientAuth="true"/>
>>>               </http:ssl>
>>>     </http:endpoint>
>>> </beans>
>>> 
>>> 
>>> The keystore file was created using keytool.exe from java.
>>> Hope this helps...
>>> 
>>> 
>>> jlbarrera wrote:
>>>> 
>>>> Hello wizard,
>>>> 
>>>> I have seen that you are using HTTP BC with SSL.
>>>> Could you explain to me how you did it, and how you create the
>>>> keystores?
>>>> It would be very useful for me.
>>>> 
>>>> Thanks!
>>>> 
>>>> 
>>>> wizard wrote:
>>>>> 
>>>>> Hi all,
>>>>> 
>>>>> We are using HTTP BC with SSL enabled. This BC points to a SE
>>>>> developed by us. What we want to do is to authenticate a given user in
>>>>> this SE. Our client doesn't have any login info, apart from the
>>>>> certificates. Is this required?
>>>>> 
>>>>> In our SE we use NormalizedMessage.getSecuritySubject(), but this
>>>>> always returns null. How can we get info about the user in a SE?
>>>>> 
>>>>> Thanks in advance!
>>>>> 
>>>> 
>>>> 
>>> 
>>> 
>> 
>> 
> 
> 

-- 
View this message in context: 
http://www.nabble.com/Authenticate-user-in-Service-Engine-tf3016263s12049.html#a9472200
Sent from the ServiceMix - User mailing list archive at Nabble.com.
