Description
The OpenShift image needs to be customized (standalone-openshift.xml) in order to use the X509 / Certificate login. X509 login needs the configuration of the HTTPS realm (keystore and trust-store) and setting the verify-client option to REQUESTED (see documentation).
In the OpenShift image the trust-store in the ApplicationRealm cannot be configured (only the ssl server-identity is set):
<security-realm name="ApplicationRealm">
    ...
    <authentication>
        ...
        <truststore path="cacerts" relative-to="jboss.server.config.dir" keystore-password="XXXX"/>
    </authentication>
</security-realm>
And the verify-client option in the undertow https connector cannot be set either:
<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" verify-client="REQUESTED"/>
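A way to check whether a given standalone-openshift.xml carries both settings described above, as an added example that is not part of the original report or of the image. The sample XML is constructed, its namespace versions and keystore file name are placeholders, and the checker also accepts verify-client="REQUIRED" on the assumption that any mode which asks for a client certificate satisfies the prerequisite.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of standalone-openshift.xml; namespace versions are placeholders.
STOCK = """<server xmlns="urn:jboss:domain:0.0">
  <management><security-realms><security-realm name="ApplicationRealm">
    <server-identities><ssl>
      <keystore path="keystore.jks" relative-to="jboss.server.config.dir" keystore-password="XXXX"/>
    </ssl></server-identities>
    <!--AUTH-->
  </security-realm></security-realms></management>
  <profile><subsystem xmlns="urn:jboss:domain:undertow:0.0"><server name="default-server">
    <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm"/>
  </server></subsystem></profile>
</server>"""
# The same constructed file with the two settings from the description applied.
CUSTOMIZED = STOCK.replace(
    "<!--AUTH-->",
    '<authentication><truststore path="cacerts" relative-to="jboss.server.config.dir" '
    'keystore-password="XXXX"/></authentication>',
).replace('security-realm="ApplicationRealm"/>',
          'security-realm="ApplicationRealm" verify-client="REQUESTED"/>')

def local(tag):
    """Strip the '{namespace}' prefix so the check works across schema versions."""
    return tag.rsplit("}", 1)[-1]

def check_x509_config(xml_text):
    """Return a list of findings; an empty list means both X509 prerequisites are present."""
    root = ET.fromstring(xml_text)
    realms = {e.get("name"): e for e in root.iter() if local(e.tag) == "security-realm"}
    listeners = [e for e in root.iter() if local(e.tag) == "https-listener"]
    findings = [] if listeners else ["no https-listener defined"]
    for lst in listeners:
        name = lst.get("name")
        # Undertow does not ask for a client certificate unless verify-client is set.
        mode = lst.get("verify-client", "NOT_REQUESTED")
        if mode not in ("REQUESTED", "REQUIRED"):
            findings.append(f"listener {name}: verify-client is {mode}")
        realm = realms.get(lst.get("security-realm"))
        if realm is None:
            findings.append(f"listener {name}: security-realm not found")
            continue
        # The truststore must sit under <authentication> of the realm the listener uses.
        has_truststore = any(local(t.tag) == "truststore"
                             for a in realm if local(a.tag) == "authentication" for t in a)
        if not has_truststore:
            findings.append(f"realm {realm.get('name')}: no authentication truststore")
    return findings
```
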