Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-1056

Certificate to principal mapping

    XMLWordPrintable

Details

    • Feature Request
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Obsolete
    • None
    • 11.0.0.Alpha1
    • Security
    • None

    Description

      In JBoss 7 it is no longer possible to configure how a certificate is mapped to a principal using client-cert authentication. The dynamic code was removed in JBoss 7 in the JBossWebRealm and is now hard coded to use the SubjectDNMapping:
      http://grepcode.com/file/repository.jboss.org/nexus/content/repositories/releases/org.jboss.jbossas/jboss-as-tomcat/6.1.0.Final/org/jboss/web/tomcat/security/JBossWebRealm.java
      http://grepcode.com/file/repository.jboss.org/nexus/content/repositories/releases/org.jboss.as/jboss-as-web/7.0.1.Final/org/jboss/as/web/security/JBossWebRealm.java

      Also the JBossWebRealm does only consider role- but no principal-mapping modules.

      We use this to authenticate users against an ldap server where the dn of the user doesn't match the dn in the ldap server. Also it's useful for display purpose in an application.
      An example and some further information is in the linked user form thread.

      Attachments

        Activity

          People

            anil.saldhana Anil Saldanha (Inactive)
            yvesdermeister Yves Peter (Inactive)
            Votes:
            1 Vote for this issue
            Watchers:
            7 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: