Bug 1123505 - [GSS] (6.3.z) EJB/remoting configuration does not propagate the certificate as credentials for authentication if mutual auth SSL was used for the connection [NEEDINFO]
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: EJB
Version: 6.3.1
Hardware: Unspecified
OS: Unspecified
Target Milestone: CR1
: EAP 6.3.3
Assignee: jboss-set
QA Contact: Jan Martiska
URL:
Whiteboard:
Depends On: 953200 1149621
Blocks: eap633-payload
Reported: 2014-07-25 20:47 UTC by Derek Horton
Modified: 2019-08-19 12:39 UTC (History)

Fixed In Version:
Doc Type: Known Issue
Doc Text:
In this release of JBoss EAP 6, EJB/remoting configurations do not propagate the certificate as credentials for authentication if mutual authentication SSL is used for the connection. This issue makes it impossible to use the `BaseCertLoginModule` for authentication with SSL protected EJBs. This issue is under investigation and is expected to be resolved in a future release of the product.
Clone Of: 953200
Environment:
Last Closed: 2019-08-19 12:39:30 UTC
Type: Bug
Embargoed:
mark.kloepping: needinfo?




Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Issue Tracker | WFLY-3580 | 0 | Major | Resolved | Remoting LoginModule does not propagate the certificate as credentials for authentication if mutual auth SSL was used fo... | 2016-03-02 19:32:00 UTC
Red Hat Issue Tracker | WFLY-764 | 0 | Major | Open | Enhance the security realm plug-in mechanism for client-cert / external verification. | 2016-03-02 19:32:00 UTC

Comment 2 JBoss JIRA Server 2014-08-19 17:12:40 UTC
Darran Lofthouse <darran.lofthouse> updated the status of jira WFLY-3580 to Coding In Progress

Comment 8 Darran Lofthouse 2014-10-15 12:05:10 UTC
Personally I do not agree that from the perspective of EAP that this is a RFE, REM3-192 is raised as a feature request as it is asking for something to be added to JBoss Remoting that was never added before - however from the perspective of the application server and EAP I see this as a bug as it is something we previously supported and do not.

Comment 9 Rostislav Svoboda 2014-10-15 13:05:52 UTC
(In reply to Darran Lofthouse from comment #8)
> Personally I do not agree that from the perspective of EAP that this is a
> RFE, REM3-192 is raised as a feature request as it is asking for something
> to be added to JBoss Remoting that was never added before - however from the
> perspective of the application server and EAP I see this as a bug as it is
> something we previously supported and do not.

Hi Darran, your reasoning makes sense. It wasn't clear that this BZ is about bringing back the functionality we had in EAP 5. Do you have some ETA? Could it be incorporated into EAP 6.3.3 - 19.Nov 6.3.3.Freeze?

Comment 12 Rostislav Svoboda 2014-10-29 09:22:50 UTC
Removing qa nack

Comment 13 Dominik Pospisil 2014-11-12 11:06:26 UTC
https://github.com/jbossas/jboss-eap/pull/1944

Comment 14 Jan Martiska 2015-01-20 07:07:16 UTC
Verified in EAP 6.3.3.CR1.

Comment 15 Mark Kloepping 2016-02-03 15:12:05 UTC
Does this solution enable Java client applications to send a client-certificate stored on a smart card or does the solution only support soft certificates where the private key can be supplied to the API?

