Uploaded image for project: 'JBoss Enterprise Application Platform 6'
  1. JBoss Enterprise Application Platform 6
  2. JBPAPP6-1772

SubjectCNMapper is not called with CertificatesRoles login-module

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Migrated to another ITS
    • Affects Version/s: EAP 6.0.0, EAP 6.0.1
    • Fix Version/s: None
    • Component/s: Security, Web
    • Labels:
      None
    • Docs QE Status:
      NEW

      Description

      I'm using the CertRolesLoginModule to perform CLIENT_CERT authentication with EAP 6.0.1. I configured my security-domain to use SubjectCNMapper to map a principal's name to CN as follow:-

        <security-domain name="mycertauth" cache-type="default">
          <authentication>
            <login-module code="CertificateRoles" flag="required">
              <module-option name="securityDomain" value="mycertauth"/>
              <module-option name="verifier" value="org.jboss.security.auth.certs.AnyCertVerifier"/>
              <module-option name="rolesProperties" value="${project.build.outputDirectory}/config/ws-roles.properties"/>
            </login-module>
          </authentication>
          <mapping>
            <mapping-module code="org.jboss.security.mapping.providers.principal.SubjectCNMapper" type="principal" />
          </mapping>                   
          <jsse truststore-url="${project.build.outputDirectory}/config/ServerTrustStore.jks"
                                truststore-password="password"
                                truststore-type="jks" client-auth="true"
                                keystore-url="${project.build.outputDirectory}/config/ServerKeyStore.jks"
                                keystore-password="password"
                                keystore-type="jks"
                                  />
        </security-domain>
      

      But it does not affect, and HttpServletRequest#getUserPrincipal()#getName() returns DN.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                sguilhen Stefan Guilhen
                Reporter:
                hisanobu.okuda Hisanobu Okuda
              • Votes:
                1 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: