Hi Martin

This sounds like the difficulties we had for enabling WebId for clerezza. We
ended up using a tweaked jetty httpd service which listens to SSLContext
services that can be used to verify the certificate by other means (or just
accept any certificate). I'm not sure if more recent versions of the felix
httpd service support this feature too.

The project is here:
https://bitbucket.org/reto/jetty-osgi-httpservice

And the actual code is here:
https://bitbucket.org/reto/jetty-osgi-httpservice/src/ee494bde068567c86402451899e43c14c1f421fc/core/src/main/java/org/wymiwyg/jetty/httpservice/Activator.java?at=default

Here's some Scala code registering a suitable SSLContext:
https://svn.apache.org/repos/asf/clerezza/branches/wrhapi/platform.security.foafssl/core/src/main/scala/org/apache/clerezza/foafssl/ssl/Activator.scala

Cheers,
Reto


On Tue, Jun 4, 2013 at 7:31 AM, Martin Stiborský <[email protected]> wrote:

> Hello,
> we have a project in Apache Camel, deployed to Karaf.
> There we have a CXF-RS interface exposed in Camel routes. To limit and
> "secure" access to the REST interface, we have used SSL client cert
> authentication (
> http://blog.nanthrax.net/2012/12/how-to-enable-https-certificate-client-auth-with-karaf/
> ).
> So, only trusted clients with a valid certificate are allowed to use the
> REST interface.
>
> Now we have a complication: for some cases we need to use a different
> kind of authentication and "bypass" the SSL client auth cert.
> I have found that for example Basic HTTP auth is possible to configure
> with JAAS.
>
> My question is, is it possible to also configure this builtin
> Karaf/pax-web SSL client auth cert with JAAS?
> Or do I have to write a custom LoginModule for CXF and handle all the SSL
> heavy lifting there and get away from the Karaf builtin feature?
>
> Thanks guys!
>
> --
> S pozdravem / Best regards
> Martin Stiborský
>
> Jabber: [email protected]
> Twitter: http://www.twitter.com/stibi
>
