Hi, 

I have set up WAS (IBM WebSphere Application Server) client authentication
(one WAS is the server and another WAS is the client) with the corresponding
cert imported into the keystores and truststores.

Since it runs on HTTPS, I have added http-conduit as recommended on the
official website to support HTTPS. I expected the client authentication
to be handled by the 2 WAS instead of CXF. However, the outcome is that we
have to set keyManagers inside the http-conduit element to present the client
certificate for authentication.

Something like that:
---------------------------
<http:conduit name="{http://apache.org/hello_world}HelloWorld.http-conduit">

    <http:tlsClientParameters>
        <!-- key store holding the client certificate presented for authentication -->
        <sec:keyManagers keyPassword="password">
            <sec:keyStore type="JKS" password="password"
                          file="my/file/dir/Morpit.jks"/>
        </sec:keyManagers>
        <sec:trustManagers>
            <sec:keyStore type="JKS" password="password"
                          file="my/file/dir/Truststore.jks"/>
        </sec:trustManagers>
        <sec:cipherSuitesFilter>
            <sec:include>.*_EXPORT_.*</sec:include>
            <sec:include>.*_EXPORT1024_.*</sec:include>
            <sec:include>.*_WITH_DES_.*</sec:include>
            <sec:include>.*_WITH_NULL_.*</sec:include>
            <sec:exclude>.*_DH_anon_.*</sec:exclude>
        </sec:cipherSuitesFilter>
    </http:tlsClientParameters>
    <http:client AutoRedirect="true" Connection="Keep-Alive"/>

</http:conduit>

-------------------------------
Does anyone have an idea about that?

--
View this message in context: 
http://cxf.547215.n5.nabble.com/Client-authentication-on-SSL-with-CXF-tp5074054p5074054.html
Sent from the cxf-user mailing list archive at Nabble.com.
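
As an added example (not part of the original post and not CXF code), this Python check reads an http-conduit like the one above, reports whether a client key is configured for certificate authentication, and evaluates its cipherSuitesFilter against a constructed list of suite names. It assumes the filter keeps a suite that fully matches any include pattern and no exclude pattern; `audit_conduits`, the wrapper element and the suite list are assumptions of the example.

```python
import re
import xml.etree.ElementTree as ET

NS = {"http": "http://cxf.apache.org/transports/http/configuration",
      "sec": "http://cxf.apache.org/configuration/security"}

# Constructed input: the post's conduit (trustManagers omitted) in a namespace wrapper.
CONDUIT_XML = """
<beans xmlns:http="http://cxf.apache.org/transports/http/configuration"
       xmlns:sec="http://cxf.apache.org/configuration/security">
  <http:conduit name="{http://apache.org/hello_world}HelloWorld.http-conduit">
    <http:tlsClientParameters>
      <sec:keyManagers keyPassword="password">
        <sec:keyStore type="JKS" password="password" file="my/file/dir/Morpit.jks"/>
      </sec:keyManagers>
      <sec:cipherSuitesFilter>
        <sec:include>.*_EXPORT_.*</sec:include>
        <sec:include>.*_EXPORT1024_.*</sec:include>
        <sec:include>.*_WITH_DES_.*</sec:include>
        <sec:include>.*_WITH_NULL_.*</sec:include>
        <sec:exclude>.*_DH_anon_.*</sec:exclude>
      </sec:cipherSuitesFilter>
    </http:tlsClientParameters>
  </http:conduit>
</beans>"""

# Constructed sample of JSSE cipher suite names a JVM might offer.
OFFERED = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA",
           "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_WITH_DES_CBC_SHA",
           "SSL_RSA_WITH_NULL_SHA", "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"]
WEAK = re.compile(r".*(_EXPORT|_WITH_DES_|_WITH_NULL_|_anon_|_RC4_).*")

def audit_conduits(xml_text, offered):
    """Per conduit: is a client key configured, and which suites pass the filter."""
    report = {}
    for conduit in ET.fromstring(xml_text).iterfind("http:conduit", NS):
        tls = conduit.find("http:tlsClientParameters", NS)
        if tls is None:
            continue  # no CXF-level TLS settings on this conduit
        inc = [e.text for e in tls.iterfind("sec:cipherSuitesFilter/sec:include", NS)]
        exc = [e.text for e in tls.iterfind("sec:cipherSuitesFilter/sec:exclude", NS)]
        # Assumed semantics: full match on any include pattern and on no exclude pattern.
        chosen = [s for s in offered
                  if any(re.fullmatch(p, s) for p in inc)
                  and not any(re.fullmatch(p, s) for p in exc)]
        report[conduit.get("name")] = {
            "client_key": tls.find("sec:keyManagers", NS) is not None,
            "chosen": chosen, "weak": [s for s in chosen if WEAK.fullmatch(s)]}
    return report
```

On this input every suite the filter keeps is an EXPORT, DES or NULL suite, so the filter is worth reviewing together with the key manager setting.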
