Comments (4)
Comment from jmagne (@jmagne) at 2011-11-22 20:05:31
Experimented with a sample JNDI realm hooked up with the "CLIENT-CERTS" authentication method. This was done using tomcatjss at the connector level. Going to the page asks for the cert. Research indicates that there is a way to create a custom JNDI tomcat Realm that overrides the getPrincipal(X509Cert certs) method. We could add code to both make use of the JNDI realm and actually compare the incoming cert to the cert in the LDAP database already encoded.
Comment from jmagne (@jmagne) at 2011-12-06 20:46:35
Progress:
Was able to put together a rough custom JNDI realm hooked up to our tomcatjss SSL Connector port. The realm does nothing but override "getPrincipal(X509Cert usercert)" and extract the uid of the incoming user from the cert's subject name. That uid is sent into getPrincipal(String username). The JNDI part of the realm is configured simply to search for the user from a base dn using a simple search pattern.
The next step is to put in some code to do the certificate comparison that we do in our system already.
Comment from jmagne (@jmagne) at 2012-01-19 19:43:01
The solid concept is here. There will be a bit more investigation to finish this off.
Comment from jmagne (@jmagne) at 2017-02-27 14:08:23
Metadata Update from @jmagne:
- Issue assigned to jmagne
- Issue set to the milestone: Dogtag 10.0.0.a1
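The two steps described in the 2011 comments above (take the uid from the certificate's subject name, then compare the presented certificate with the one stored in LDAP), sketched as an added example that is not code from this issue or from the pki project. The class name `CertMatch`, the `userCertificate;binary` attribute, the `(uid={0})` filter and an already-bound `DirContext` are assumptions; the helper is meant to be called from a realm's `getPrincipal(X509Certificate)` override.

```java
import java.security.MessageDigest;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

/** Hypothetical helper (assumption), not part of Tomcat, tomcatjss or Dogtag. */
public final class CertMatch {

    /** Returns the uid from the certificate's subject DN, or null if it carries none. */
    static String uidFromSubject(X509Certificate cert) throws NamingException {
        LdapName subject = new LdapName(cert.getSubjectX500Principal().getName());
        for (Rdn rdn : subject.getRdns()) {
            Attribute uid = rdn.toAttributes().get("uid"); // also covers multi-valued RDNs
            if (uid != null) {
                return uid.get().toString();
            }
        }
        return null;
    }

    /** True only if the presented certificate is byte-for-byte one stored on the user's entry. */
    static boolean isStoredFor(DirContext ctx, String baseDn, X509Certificate presented)
            throws NamingException, CertificateEncodingException {
        String uid = uidFromSubject(presented);
        if (uid == null) return false;
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[] {"userCertificate;binary"});
        // Filter arguments are escaped by JNDI, so a crafted uid cannot alter the filter.
        NamingEnumeration<SearchResult> hits = ctx.search(baseDn, "(uid={0})", new Object[] {uid}, sc);
        try {
            if (!hits.hasMore()) return false;
            Attribute stored = hits.next().getAttributes().get("userCertificate;binary");
            if (hits.hasMore() || stored == null) return false; // ambiguous uid or no cert on file
            byte[] der = presented.getEncoded();
            for (int i = 0; i < stored.size(); i++) {
                if (MessageDigest.isEqual(der, (byte[]) stored.get(i))) return true;
            }
            return false;
        } finally { hits.close(); }
    }
}
```

Comparing the full DER encoding, rather than only the subject name, means a certificate from another trusted issuer that carries the same uid is rejected.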