Bug 1123505

Summary: [GSS] (6.3.z) EJB/remoting configuration does not propagate the certificate as credentials for authentication if mutual auth SSL was used for the connection
Product: [JBoss] JBoss Enterprise Application Platform 6 Reporter: Derek Horton <dehort>
Component: EJBAssignee: jboss-set
Status: CLOSED CURRENTRELEASE QA Contact: Jan Martiska <jmartisk>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.3.1CC: ahoffer, bbaranow, bmaxwell, cdewolf, darran.lofthouse, dehort, egonzale, istudens, jawilson, jmartisk, jsightle, mark.kloepping, myarboro, rsvoboda
Target Milestone: CR1Keywords: Triaged
Target Release: EAP 6.3.3Flags: mark.kloepping: needinfo?
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Known Issue
Doc Text:
In this release of JBoss EAP 6, EJB/remoting configurations do not propagate the certificate as credentials for authentication if mutual authentication SSL is used for the connection. This issue makes it impossible to use the `BaseCertLoginModule` for authentication with SSL protected EJBs. This issue is under investigation and is expected to be resolved in a future release of the product.
 Story Points: ---
Clone Of: 953200 Environment:
Last Closed: 2019-08-19 12:39:30 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 953200, 1149621    
Bug Blocks: 1151405    

Comment 2 JBoss JIRA Server 2014-08-19 17:12:40 UTC 
Darran Lofthouse <darran.lofthouse> updated the status of jira WFLY-3580 to Coding In Progress
Comment 8 Darran Lofthouse 2014-10-15 12:05:10 UTC 
Personally I do not agree that from the perspective of EAP that this is a RFE, REM3-192 is raised as a feature request as it is asking for something to be added to JBoss Remoting that was never added before - however from the perspective of the application server and EAP I see this as a bug as it is something we previously supported and do not.
Comment 9 Rostislav Svoboda 2014-10-15 13:05:52 UTC 
(In reply to Darran Lofthouse from comment #8)
> Personally I do not agree that from the perspective of EAP that this is a
> RFE, REM3-192 is raised as a feature request as it is asking for something
> to be added to JBoss Remoting that was never added before - however from the
> perspective of the application server and EAP I see this as a bug as it is
> something we previously supported and do not.

Hi Darran, your reasoning makes sense. It wasn't clear that this BZ is about bringing back the functionality we had in EAP 5. Do you have some ETA ? Could it be incorporated into EAP 6.3.3 - 19.Nov 6.3.3.Freeze ?
Comment 12 Rostislav Svoboda 2014-10-29 09:22:50 UTC 
Removing qa nack
Comment 13 Dominik Pospisil 2014-11-12 11:06:26 UTC 
https://github.com/jbossas/jboss-eap/pull/1944
Comment 14 Jan Martiska 2015-01-20 07:07:16 UTC 
Verified in EAP 6.3.3.CR1.
Comment 15 Mark Kloepping 2016-02-03 15:12:05 UTC 
Does this solution enable Java client applications to send a client-certificate stored on a smart card or does the solution only support soft certificates where the private key can be supplied to the API?