  1. JBoss Enterprise Application Platform
  2. JBEAP-6205

Unable to setup CLIENT_CERT authentication with elytron.


Details

    • Bug
    • Status: Verified
    • Blocker
    • Resolution: Done
    • 7.1.0.DR5
    • 7.1.0.DR6
    • Security
    • None

    Description

      Following Zach's notes on How to setup 2 way TLS, I am unable to set it up properly. The user is not asked by the browser to specify a client certificate and gets access to the application without a certificate.

      In the log there is:
      1. The server sends a request for a certificate

      13:55:33,309 INFO  [stdout] (default task-1) *** CertificateRequest
      13:55:33,309 INFO  [stdout] (default task-1) Cert Types: RSA, DSS, ECDSA
      13:55:33,309 INFO  [stdout] (default task-1) Cert Authorities:
      13:55:33,310 INFO  [stdout] (default task-1) <CN=client>
      

      2. And the client responds with an empty certificate chain, without asking for a certificate

      13:55:33,432 INFO  [stdout] (default task-2) *** Certificate chain
      13:55:33,432 INFO  [stdout] (default task-2) <Empty>
      13:55:33,432 INFO  [stdout] (default task-2) ***
      

      I am attaching:

      • server.log - server log with -Djavax.net.debug=all turned on.
      • 2wayTLS.pcap - Wireshark recording of port 8443
      • secured-app - tested application

      Attachments

        1. 2wayTLS.pcap
          7 kB
        2. secured-webapp.tar.gz
          4.23 MB
        3. server.log
          72 kB
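
A check for the pattern reported above, as an added example that is not part of the original issue or of the JBoss/Elytron code: it scans `-Djavax.net.debug` output for a `CertificateRequest` answered by an `<Empty>` certificate chain and reports the CA names the server advertised. The function name and the pairing of request and reply by log order are assumptions of this sketch; the sample lines follow the excerpt in the report.

```python
import re

# Sample input: the two excerpts from the report, with the caret-notation
# ANSI colour resets ("^[[0m") that a raw server.log can carry.
SAMPLE = """\
^[[0m^[[0m13:55:33,309 INFO  [stdout] (default task-1) *** CertificateRequest
^[[0m^[[0m13:55:33,309 INFO  [stdout] (default task-1) Cert Types: RSA, DSS, ECDSA
^[[0m^[[0m13:55:33,309 INFO  [stdout] (default task-1) Cert Authorities:
^[[0m^[[0m13:55:33,310 INFO  [stdout] (default task-1) <CN=client>
^[[0m^[[0m13:55:33,432 INFO  [stdout] (default task-2) *** Certificate chain
^[[0m^[[0m13:55:33,432 INFO  [stdout] (default task-2) <Empty>
^[[0m^[[0m13:55:33,432 INFO  [stdout] (default task-2) ***
"""

ANSI = re.compile(r"(?:\x1b|\^\[)\[[0-9;]*m")  # real ESC byte or its "^[" rendering
LINE = re.compile(r"INFO\s+\[stdout\]\s+\(([^)]*)\)\s?(.*)$")

def find_empty_client_cert_replies(log_text):
    """Return one finding per CertificateRequest answered by an empty chain.

    Request and reply are paired by log order, not by thread: in the report
    the request is logged on task-1 and the reply on task-2. Interleaved
    concurrent handshakes would need a stronger key (assumption of this sketch).
    """
    findings, pending, section = [], None, None
    for raw in log_text.splitlines():
        m = LINE.search(ANSI.sub("", raw))
        if not m:
            continue
        thread, msg = m.group(1), m.group(2).strip()
        if msg.startswith("*** CertificateRequest"):
            pending = {"request_thread": thread, "cert_authorities": []}
            section = "request"
        elif msg.startswith("*** Certificate chain"):
            section = "chain"
        elif section == "request" and msg.startswith("<") and msg.endswith(">"):
            pending["cert_authorities"].append(msg[1:-1])  # e.g. CN=client
        elif section == "chain":
            if msg == "<Empty>" and pending is not None:
                findings.append(dict(pending, reply_thread=thread))
            pending, section = None, None  # any chain closes the open request
        elif msg.startswith("***"):
            section = None  # some other handshake message started
    return findings

if __name__ == "__main__":
    for finding in find_empty_client_cert_replies(SAMPLE):
        print("empty client certificate chain after request:", finding)
```

Each finding lists the CA names the server advertised, which is the list a client matches its certificates' issuers against when choosing what to send.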


            People

              jkalina@redhat.com Jan Kalina (Inactive)
              mchoma@redhat.com Martin Choma