  1. Cloud Enablement
  2. CLOUD-2823

Add X509 configuration for the openshift image

Details

    • Enhancement
    • Resolution: Unresolved
    • Major
    • None
    • EAP64 1.8.5.GA, EAP71 1.3.3.GA
    • EAP6, EAP7, EAP_CD, RH-SSO
    • None
    • Compatibility/Configuration, User Experience
    • CLOUD Maintenance Sprint 28

    Description

      The openshift image needs to be customized (standalone-openshift.xml) in order to use the X509 / Certificate login. X509 login needs the configuration of the HTTPS realm (keystore and trust-store) and setting the verify-client option to REQUESTED (see documentation).

      In the openshift image the trust-store in the ApplicationRealm cannot be configured (only the ssl server-identity is set):

      <security-realm name="ApplicationRealm">
        ...
        <authentication>
          ...  
          <truststore path="cacerts" relative-to="jboss.server.config.dir" keystore-password="XXXX"/>
        </authentication>
      </security-realm>
      

      And the verify-client option in the undertow https connector cannot be set either:

      <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" verify-client="REQUESTED"/>
      

          People

            rhn-jlieskov Ján Lieskovský
            rhn-jlieskov Ján Lieskovský
            Marek Schmidt, Pavel Drobek, Pavel Drozd