Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
Bug 1123505 - [GSS] (6.3.z) EJB/remoting configuration does not propagate the certificate as credentials for authentication if mutual auth SSL was used for the connection [NEEDINFO]
[GSS] (6.3.z) EJB/remoting configuration does not propagate the certificate a...
Status: VERIFIED
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: EJB (Show other bugs)
6.3.1
Unspecified Unspecified
unspecified Severity unspecified
: CR1
: EAP 6.3.3
Assigned To: Dominik Pospisil
Jan Martiska
: Triaged
Depends On: 953200 1149621
Blocks: eap633-payload
  Show dependency treegraph
 
Reported: 2014-07-25 16:47 EDT by Derek Horton
Modified: 2018-03-06 15:39 EST (History)
15 users (show)

See Also:
Fixed In Version:
Doc Type: Known Issue
Doc Text:
In this release of JBoss EAP 6, EJB/remoting configurations do not propagate the certificate as credentials for authentication if mutual authentication SSL is used for the connection. This issue makes it impossible to use the `BaseCertLoginModule` for authentication with SSL protected EJBs. This issue is under investigation and is expected to be resolved in a future release of the product.
Story Points: ---
Clone Of: 953200
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
mark.kloepping: needinfo?


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
JBoss Issue Tracker WFLY-3580 Major Resolved Remoting LoginModule does not propagate the certificate as credentials for authentication if mutual auth SSL was used fo... 2016-03-02 14:32 EST
JBoss Issue Tracker WFLY-764 Major Open Enhance the security realm plug-in mechanism for client-cert / external verification. 2016-03-02 14:32 EST

  None (edit)
Comment 2 JBoss JIRA Server 2014-08-19 13:12:40 EDT
Darran Lofthouse <darran.lofthouse@jboss.com> updated the status of jira WFLY-3580 to Coding In Progress
Comment 8 Darran Lofthouse 2014-10-15 08:05:10 EDT
Personally I do not agree that from the perspective of EAP that this is a RFE, REM3-192 is raised as a feature request as it is asking for something to be added to JBoss Remoting that was never added before - however from the perspective of the application server and EAP I see this as a bug as it is something we previously supported and do not.
Comment 9 Rostislav Svoboda 2014-10-15 09:05:52 EDT
(In reply to Darran Lofthouse from comment #8)
> Personally I do not agree that from the perspective of EAP that this is a
> RFE, REM3-192 is raised as a feature request as it is asking for something
> to be added to JBoss Remoting that was never added before - however from the
> perspective of the application server and EAP I see this as a bug as it is
> something we previously supported and do not.

Hi Darran, your reasoning makes sense. It wasn't clear that this BZ is about bringing back the functionality we had in EAP 5. Do you have some ETA ? Could it be incorporated into EAP 6.3.3 - 19.Nov 6.3.3.Freeze ?
Comment 12 Rostislav Svoboda 2014-10-29 05:22:50 EDT
Removing qa nack
Comment 13 Dominik Pospisil 2014-11-12 06:06:26 EST
https://github.com/jbossas/jboss-eap/pull/1944
Comment 14 Jan Martiska 2015-01-20 02:07:16 EST
Verified in EAP 6.3.3.CR1.
Comment 15 Mark Kloepping 2016-02-03 10:12:05 EST
Does this solution enable Java client applications to send a client-certificate stored on a smart card or does the solution only support soft certificates where the private key can be supplied to the API?

Note You need to log in before you can comment on or make changes to this bug.