I was thinking about something more complex [1] where principals may be populated from the peer certificate.
[1] https://github.com/jboss-switchyard/core/blob/master/security/base/src/main/java/org/switchyard/security/login/CertificateLoginModule.java

Cheers,
Lukasz

Message written by Achim Nierbeck <bcanh...@googlemail.com> on 20 Feb 2013, at 15:11:

> Lukasz,
>
> Pax-Web should work with Certificates already, it just needs a proper
> combination of the authentication which should be done by Pax-Web and the
> authorization which should be done by the JAAS part of Karaf.
>
> regards, Achim
>
>
> 2013/2/20 Łukasz Dywicki <l...@code-house.org>
> I think you may get this with chaining JAAS login modules in login context
> configuration, however we don't ship certificate login module yet.
>
> Which certificate login module do you use now?
>
> Lukasz
>
> Message written by Achim Nierbeck <bcanh...@googlemail.com> on 20 Feb 2013,
> at 11:20:
>
>> Hi Lars,
>>
>> I'm sure it's possible. Do you have a working "simple" Application that
>> already works on a std. jetty?
>> If so, try to port those things needed to karaf.
>> Karaf supports JAAS so if you are able to get your JAAS configuration
>> working I'm sure it's an easy move over.
>>
>> To my understanding the user attached to the certificate needs to be known in
>> the jaas part.
>> Since the authentication is done via certificate the JAAS part is only
>> needed for the authorization.
>>
>> Regards, Achim
>>
>>
>> 2013/2/19 helander <leh...@gmail.com>
>> Hi,
>> I am connecting to a web application in Karaf using https and a client
>> certificate and it works fine.
>> Now I want to associate the authenticated client with a set of roles defined
>> in a JAAS login module, e.g. in user.properties or via LDAP. Is this
>> possible? How to set it up? What "user" name could be used, e.g. what part
>> of the client certificate would the user identity be selected from?
>>
>> Any help is highly appreciated.
>>
>> Thanks
>>
>> Lars
>>
>>
>> --
>>
>> Apache Karaf <http://karaf.apache.org/> Committer & PMC
>> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
>> Project Lead
>> OPS4J Pax for Vaadin <http://team.ops4j.org/wiki/display/PAXVAADIN/Home>
>> Committer & Project Lead
>> blog <http://notizblog.nierbeck.de/>
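
Added example, not part of the original thread and not code from Karaf, Pax Web or SwitchYard: one way to pick the user identity from a client certificate (the single CN of the subject DN, rejecting ambiguous subjects) and look up its roles for authorization only. The class and method names are hypothetical, the `user = password,role1,role2` properties layout is an assumed format, and the DN and user entry are constructed samples; in a real login module the subject would come from the verified leaf certificate via `X509Certificate.getSubjectX500Principal()`.

```java
import java.io.StringReader;
import java.util.*;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

public class CertUserMapper {

    // User name = the single CN in the certificate subject; anything ambiguous is rejected.
    static String userNameFrom(X500Principal subject) throws Exception {
        LdapName dn = new LdapName(subject.getName(X500Principal.RFC2253));
        List<String> cns = new ArrayList<>();
        for (Rdn rdn : dn.getRdns()) {
            // toAttributes() also covers multi-valued RDNs such as CN=a+OU=b
            javax.naming.directory.Attribute cn = rdn.toAttributes().get("CN");
            if (cn == null) continue;
            for (int i = 0; i < cn.size(); i++) {
                Object v = cn.get(i);
                if (!(v instanceof String)) throw new SecurityException("non-string CN");
                cns.add((String) v);
            }
        }
        if (cns.size() != 1) throw new SecurityException("expected exactly one CN, got " + cns.size());
        return cns.get(0);
    }

    // Roles from an assumed entry layout: user = password,role1,role2.
    // The password field is ignored because the certificate already authenticated the client.
    static Set<String> rolesFor(String user, Properties users) {
        String entry = users.getProperty(user);
        if (entry == null) return Collections.emptySet(); // unknown subject: no roles
        String[] parts = entry.split(",");
        Set<String> roles = new LinkedHashSet<>();
        for (int i = 1; i < parts.length; i++) roles.add(parts[i].trim());
        return roles;
    }

    public static void main(String[] args) throws Exception {
        Properties users = new Properties();
        users.load(new StringReader("lars = unused,admin,viewer\n")); // constructed sample entry
        X500Principal subject = new X500Principal("CN=lars,OU=Dev,O=Example,C=SE"); // constructed DN
        String user = userNameFrom(subject);
        System.out.println(user + " -> " + rolesFor(user, users));
    }
}
```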