  1. Cloud Enablement
  2. CLOUD-2823

Add X509 configuration for the openshift image


    • Enhancement
    • Resolution: Unresolved
    • Major
    • None
    • EAP64 1.8.5.GA, EAP71 1.3.3.GA
    • EAP6, EAP7, EAP_CD, RH-SSO
    • None
    • Compatibility/Configuration, User Experience
    • CLOUD Maintenance Sprint 28

      The openshift image needs to be customized (standalone-openshift.xml) in order to use the X509 / Certificate login. X509 login needs the configuration of the HTTPS realm (keystore and trust-store) and setting the verify-client option to REQUESTED (see documentation).

      In the openshift image the trust-store in the ApplicationRealm cannot be configured (only the ssl server-identity is set):

      <security-realm name="ApplicationRealm">
        ...
        <authentication>
          ...  
          <truststore path="cacerts" relative-to="jboss.server.config.dir" keystore-password="XXXX"/>
        </authentication>
      </security-realm>
      

      And the verify-client option in the undertow https connector cannot be set either:

      <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" verify-client="REQUESTED"/>
      

              rhn-jlieskov Ján Lieskovský (Inactive)
              rhn-jlieskov Ján Lieskovský (Inactive)
              Marek Schmidt, Pavel Drobek (Inactive), Pavel Drozd
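A check for the two settings the issue describes, as an added example that is not part of the issue or of the image's own tooling: it parses a standalone-openshift.xml-style file and reports a missing truststore in the listener's security realm or a missing verify-client attribute. The function names and both sample configurations are constructed for illustration (namespace versions are placeholders), and the check also accepts REQUIRED, Undertow's stricter verify-client value, in addition to the REQUESTED named in the issue.

```python
import xml.etree.ElementTree as ET

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop '{namespace}' so any schema version matches

def find_all(root, name):
    return [el for el in root.iter() if local(el.tag) == name]

def audit_x509(config_xml):
    """Return a list of findings; empty means both X509 prerequisites are configured."""
    root = ET.fromstring(config_xml)
    realms = {r.get("name"): r for r in find_all(root, "security-realm")}
    findings = []
    listeners = find_all(root, "https-listener")
    if not listeners:
        findings.append("no https-listener defined")
    for lst in listeners:
        name, verify = lst.get("name"), lst.get("verify-client")
        # Without REQUESTED/REQUIRED the server never asks for a client certificate.
        if verify not in ("REQUESTED", "REQUIRED"):
            findings.append(f"https-listener '{name}': verify-client is {verify or 'unset'}")
        realm = realms.get(lst.get("security-realm"))
        if realm is None:
            findings.append(f"https-listener '{name}': security-realm not found")
            continue
        if not any(local(t.tag) == "truststore"
                   for a in find_all(realm, "authentication") for t in a.iter()):
            findings.append(f"realm '{realm.get('name')}': no <truststore> under <authentication>")
    return findings

# Constructed sample configs; "X" stands in for the schema version.
TEMPLATE = """<server xmlns="urn:jboss:domain:X">
  <management><security-realms>
    <security-realm name="ApplicationRealm">
      <server-identities><ssl><keystore path="keystore.jks" keystore-password="XXXX"/></ssl></server-identities>
      {auth}
    </security-realm>
  </security-realms></management>
  <profile><subsystem xmlns="urn:jboss:domain:undertow:X"><server name="default-server">
    <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm"{verify}/>
  </server></subsystem></profile>
</server>"""
IMAGE_DEFAULT = TEMPLATE.format(auth="", verify="")  # only the ssl server identity is set
CUSTOMIZED = TEMPLATE.format(
    auth='<authentication><truststore path="cacerts" relative-to="jboss.server.config.dir" keystore-password="XXXX"/></authentication>',
    verify=' verify-client="REQUESTED"')

if __name__ == "__main__":
    for label, cfg in (("image default", IMAGE_DEFAULT), ("customized", CUSTOMIZED)):
        print(label, "->", audit_x509(cfg) or "OK")
```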