Bug 1119510 - RFE: Document Auth using EXTERNAL with certificates
Summary: RFE: Document Auth using EXTERNAL with certificates
Alias: None
Product: JBoss Data Grid 6
Classification: JBoss
Component: Documentation
Version: 6.3.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: Post GA
: 6.3.0
Assignee: gsheldon
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2014-07-14 23:52 UTC by gsheldon
Modified: 2014-09-15 00:01 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2014-09-15 00:01:43 UTC
Type: Bug

Attachments (Terms of Use)

Description gsheldon 2014-07-14 23:52:24 UTC
From BZ#1067739 and BZ#1013853.

"we need the steps that a customer needs to perform on the Server-side and the Client-side to configure user authn using EXTERNAL."

Current topic exists but has been removed for 6.4:

Configure Hot Rod Authentication (X.509) [40931]

Comment 2 Misha H. Ali 2014-07-21 04:11:59 UTC
Setting this to POST to indicate that we can't work on this yet. Gemma, please check with Vojta about when this is expected to be tested.

Comment 3 gsheldon 2014-08-04 03:42:07 UTC
Setting NEEDINFO Vojtech.

Vojta will this feature be ready for the next release?



Comment 4 Vojtech Juranek 2014-08-11 11:04:17 UTC
Hi Gemma,
this feature was actually already in JDG 6.3.0, but as it wasn't tested, it wasn't documented/supported. Should be tested/supported in JDG 6.3.1.

Comment 6 Vojtech Juranek 2014-08-18 10:42:54 UTC
Hi Gemma,
text IMHO looks good and is sufficient. However, EXTERNAL auth wasn't tested yet, so I would give "verified" after testing it (maybe I'll discover something to be added during testing).

Comment 7 Vojtech Juranek 2014-09-04 07:26:43 UTC
Hi Gemma, I finally implemented the test, sorry for the delay. 
There's one wrong name of the parameter, in table 8.4 and in 

<keystore path="..." relative-to="..." keystore-password="..." alias="..." key-password="..." />

the parameter for keystore password is not "key-password", but correct name is "keystore-password". Otherwise looks good to me.

I noticed that similar config is also in chapter "Procedure 8.3. Secure Hot Rod Using SSL/TLS". Maybe you can refer there table 8.4 for the meaning of the parameters. When reading it, I also noticed that code sample for Hot Rod connector is not accurate:

<security ssl="true" security-realm="ApplicationRealm" require-ssl-client-auth="false" />

should be 

<encryption ssl="true" security-realm="ApplicationRealm" require-ssl-client-auth="false" />

I.e. name of the element is not "security" but "encryption".
I hasn't found any other issue.

Comment 9 Vojtech Juranek 2014-09-04 07:52:18 UTC
Hi Misha,
I'm sorry, I somehow missed that keystore-password is already present and thought there's a typo in key-password. The code sniplet in Chapter is correct as it is, please don't remove anything and ignore the first part of my previous comment. Sorry for that

Comment 10 Misha H. Ali 2014-09-04 07:57:12 UTC
Thanks, Vojta. Setting this for final review then.

Comment 11 Misha H. Ali 2014-09-15 00:01:43 UTC
This content is now available on https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Data_Grid/

Note You need to log in before you can comment on or make changes to this bug.