All - Is there a way to define an HTTPS content repository in RHQ where the authentication is done using the user's PKI cert? I know you can currently define an http repo similar to the JBoss repo where the user's credentials are entered as username and password combo. Our use case is such that instead of using username/password we want to be able to derive that information from a PKI certificate that is already loaded into the browser being used by the user. This is similar to having a web application that is using client-cert as its auth-method (in the web.xml) and then having a filter or login module to process the cert and retrieve the principal's info from that cert.
I guess we could write a plugin for HTTPS content repo but I was wondering if there is something similar already out there? Any idea on how to best achieve this is greatly appreciated.
Hi Claudianus,
The content repository is synced and accessed by the server itself, regardless of there being any users logged in. That's why the certificate would have to be installed in the truststore of the JVM that runs the RHQ server.
That said, I am not very sure our HTTP content provider would handle that - it uses the Apache HttpClient library to connect and download stuff and I'm not sure we're configuring it for such a possibility. It'd be great if you could try it out and report your findings here or on rhq-devel@lists.fedorahosted.org.
Thanks,
Lukas
----- Original Message -----
From: "Claudianus A" claudianus@gmail.com
To: rhq-users@lists.fedorahosted.org
Sent: Sunday, August 25, 2013 9:17:52 PM
Subject: https content repo with pki cert
-- Claudianus
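Added example (not RHQ code and not written by anyone in this thread): a plain JSSE client showing what a server-side process needs in order to present a client certificate to an HTTPS repository, namely key material (its own certificate and private key) for the handshake plus trust material to validate the repository's certificate. It uses only JDK classes rather than Apache HttpClient; the class name, the command-line arguments and the keystore files are assumptions made for illustration.

```java
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class ClientCertFetch {
    // Load a keystore file of the given type (e.g. "PKCS12" or "JKS").
    static KeyStore load(String path, String type, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password);
        }
        return ks;
    }

    // identity: the process's own certificate and private key, presented to the repository.
    // trusted:  the CA certificates used to validate the repository's server certificate.
    static SSLContext mutualTlsContext(KeyStore identity, char[] keyPassword, KeyStore trusted)
            throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, keyPassword);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trusted);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // All five arguments are placeholders chosen for this example.
    public static void main(String[] args) throws Exception {
        if (args.length != 5) {
            System.err.println("usage: ClientCertFetch <url> <identity.p12> <pw> <truststore.jks> <pw>");
            System.exit(2);
        }
        KeyStore identity = load(args[1], "PKCS12", args[2].toCharArray());
        KeyStore trusted = load(args[3], "JKS", args[4].toCharArray());
        SSLContext ctx = mutualTlsContext(identity, args[2].toCharArray(), trusted);
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[0]).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        // Hostname verification is left at the JDK default (enabled).
        System.out.println("HTTP " + conn.getResponseCode());
        conn.disconnect();
    }
}
```

The certificate presented this way identifies the process making the request, not any user logged in through a browser.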