Details

    • Type: Enhancement
    • Status: New (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: EAP64 1.8.5.GA, EAP71 1.3.3.GA
    • Fix Version/s: None
    • Component/s: EAP6, EAP7, EAP_CD, RH-SSO
    • Labels:
      None
    • Affects:
      Compatibility/Configuration, User Experience
    • Sprint:
      CLOUD Maintenance Sprint 28

      Description

      The openshift image needs to be customized (standalone-openshift.xml) in order to use the X509 / Certificate login. X509 login needs the configuration of the HTTPS realm (keystore and trust-store) and setting the verify-client option to REQUESTED (see documentation.

      In the openshift image the trust-store in the ApplicationRealm cannot be configured (only the ssl server-identity is set):

      <security-realm name="ApplicationRealm">
        ...
        <authentication>
          ...  
          <truststore path="cacerts" relative-to="jboss.server.config.dir" keystore-password="XXXX"/>
        </authentication>
      </security-realm>
      

      And the verify-client option in the undertow https connector cannot be set either:

      <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" verify-client="REQUESTED"/>
      

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  iankko Ján Lieskovský
                  Reporter:
                  iankko Ján Lieskovský
                  Involved:
                  Marek Schmidt, Pavel Drobek, Pavel Drozd
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  6 Start watching this issue

                  Dates

                  • Created:
                    Updated: