Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-6205

Unable to setup CLIENT_CERT authentication with elytron.

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Blocker
    • 7.1.0.DR6
    • 7.1.0.DR5
    • Security
    • None

    Description

      Following Zach's notes on How to setup 2 way TLS I am unable to setup it properly. User is not requested by browser for specifying client certificate and get access to application without certificate.

      In log you there is:
      1. Server send request for certificate

      ^[[0m^[[0m13:55:33,309 INFO  [stdout] (default task-1) *** CertificateRequest
^[[0m^[[0m13:55:33,309 INFO  [stdout] (default task-1) Cert Types: RSA, DSS, ECDSA
^[[0m^[[0m13:55:33,309 INFO  [stdout] (default task-1) Cert Authorities:
^[[0m^[[0m13:55:33,310 INFO  [stdout] (default task-1) <CN=client>

      2. And client responds with empty certificate chain. Without asking for certificate

      ^[[0m^[[0m13:55:33,432 INFO  [stdout] (default task-2) *** Certificate chain
^[[0m^[[0m13:55:33,432 INFO  [stdout] (default task-2) <Empty>
^[[0m^[[0m13:55:33,432 INFO  [stdout] (default task-2) ***

      I am attaching:

      • server.log - server log with -Djavax.net.debug=all turn on.
      • 2wayTLS.pcap - wireshark recording of port 8443
      • secured-app - tested application

      Attachments

        1. 2wayTLS.pcap
          7 kB
        2. secured-webapp.tar.gz
          4.23 MB
        3. server.log
          72 kB

        Issue Links

          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. ELY-646 Unable to setup CLIENT_CERT authentication with elytron.

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Resolved
          is incorporated by

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. JBEAP-6253 (7.1.0) Upgrade to WildFly Core 3.0.0.Alpha10

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified

          Activity

            People

              jkalina@redhat.com Jan Kalina (Inactive)
              mchoma@redhat.com Martin Choma
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: