Posted to users@servicemix.apache.org by jlbarrera <jl...@sadiel.es> on 2007/03/09 13:59:59 UTC

Re: Authenticate user in Service Engine

Hello wizard,

I have seen that you are using HTTP BC with SSL.
Could you explain to me how you did it, and how you created the keystores?
It would be very useful for me.

Thanks!


wizard wrote:
> 
> Hi all,
> 
> We are using HTTP BC with SSL enabled. This BC points to a SE developed by
> us. What we want to do is to authenticate a given user in this SE. Our
> client doesn't have any login info, apart from the certificates. Is this
> required?
> 
> In our SE we use NormalizedMessage.getSecuritySubject(), but this always
> returns null. How can we get info about the user in a SE?
> 
> Thanks in advance!
> 

-- 
View this message in context: http://www.nabble.com/Authenticate-user-in-Service-Engine-tf3016263s12049.html#a9393917
Sent from the ServiceMix - User mailing list archive at Nabble.com.


Re: [implementation on an internal system host] Authenticate user in Service Engine

Posted by jlbarrera <jl...@sadiel.es>.
Thank you!
I could solve part of my problem with your information. I did this:

I want to connect the "provider" role (servicemix-http) to an external Web
Service through HTTPS.
The first step is to create the keystore and import the certificate into it:

    keytool -genkey -alias mycert

This creates a .keystore in the user's home dir

    keytool -import -keystore trustedCert -file Server.cer

This creates a trustedCert file in the same directory.
I downloaded Server.cer with Internet Explorer (X.509 base 64 (.CER)).

    keytool -list -keystore trustedCert

This shows information about the keystore; it must show "trustedCertEntry".

Then copy the trustedCert file to the $SERVICEMIX_HOME/conf directory, and in
the xbean.xml I configured the path to this file.

I received an error: "HTTPS hostname wrong". This is because the server URL
isn't equal to the CN. You must change the URL or implement
HostnameVerifier. I added an entry in my hosts file, because I can't change
the URL address.

But now I want authenticated access to external Web Services, and I
think that it isn't implemented (is that right?).
I tested this in the provider:

   <http:basicAuthentication>
         <http:basicAuthCredentials username="user" password="pass" />
   </http:basicAuthentication>

But this does not work!

Thanks!



-- 
View this message in context: http://www.nabble.com/Authenticate-user-in-Service-Engine-tf3016263s12049.html#a9472200
Sent from the ServiceMix - User mailing list archive at Nabble.com.


Re: [implementation on an internal system host] Authenticate user in Service Engine

Posted by wizard <an...@gmail.com>.
We create our keys using:

1) keytool -genkey -keysize 512 -keyalg RSA -alias mycert -dname "myDistinguishedName" -validity 999

This creates a .keystore in your home dir. Then:

2) keytool -export -alias mycert -file mypub.cer

Exports the public key from the created certificate. Then we import this
public key in the remote cacerts (client)

3) keytool -import -keystore "myKeystoreFile" -storepass "myPassword" -alias mycert -file "theCreated.cerFile"

Note that conf/serverkey.jks in xbean.xml contains the private key we just
created in step 1

This procedure authenticates the servicemix server in the client.
If the remote client is to be authenticated in servicemix, the servicemix
cacerts should contain the client's public key (or all keys from its
certification path) too. 




-- 
View this message in context: http://www.nabble.com/Authenticate-user-in-Service-Engine-tf3016263s12049.html#a9439463
Sent from the ServiceMix - User mailing list archive at Nabble.com.
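
Added example, not part of the original posts: the keystore steps from the two messages above (the provider-side trustedCert import and the three-step server key procedure) as one script, extended to the reverse direction that needClientAuth="true" requires. It uses a 2048-bit key and an explicit store file per role; every file name, alias, password and host name in it is constructed.

```bash
#!/usr/bin/env bash
# Added example; every alias, password, file and host name below is constructed.
set -eu
PASS="changeit-example"   # placeholder; keep real store passwords out of scripts

new_identity() {   # $1 = keystore file, $2 = alias, $3 = name for CN and SAN
  # 2048-bit RSA. The CN/SAN must be the host name used in the HTTPS URL,
  # otherwise the peer fails the host name check ("HTTPS hostname wrong").
  keytool -genkeypair -alias "$2" -keyalg RSA -keysize 2048 -validity 365 \
    -dname "CN=$3" -ext "SAN=dns:$3" \
    -keystore "$1" -storetype JKS -storepass "$PASS" -keypass "$PASS"
}

export_cert() {    # $1 = keystore file, $2 = alias, $3 = output .cer (public part)
  keytool -exportcert -rfc -alias "$2" -file "$3" -keystore "$1" -storepass "$PASS"
}

trust_cert() {     # $1 = truststore file, $2 = alias, $3 = .cer to trust
  keytool -importcert -noprompt -alias "$2" -file "$3" \
    -keystore "$1" -storetype JKS -storepass "$PASS"
}

entry_type() {     # $1 = store file, $2 = alias -> PrivateKeyEntry | trustedCertEntry
  keytool -list -alias "$2" -keystore "$1" -storepass "$PASS" |
    grep -oE 'PrivateKeyEntry|trustedCertEntry'
}

cert_cn() {        # $1 = .cer file -> CN of the certificate owner
  keytool -printcert -file "$1" | sed -n 's/^Owner: CN=\([^,]*\).*/\1/p'
}

build_mutual_tls_stores() {   # $1 = output dir, $2 = server host name
  new_identity "$1/serverkey.jks" mycert "$2"              # step 1: server private key
  export_cert  "$1/serverkey.jks" mycert "$1/mypub.cer"    # step 2: public certificate
  trust_cert   "$1/clienttrust.jks" mycert "$1/mypub.cer"  # step 3: client trusts server
  # Reverse direction, needed when the endpoint sets needClientAuth="true".
  new_identity "$1/clientkey.jks" client client1.example.test
  export_cert  "$1/clientkey.jks" client "$1/client.cer"
  trust_cert   "$1/servertrust.jks" client "$1/client.cer" # server trusts client
}

if [ $# -eq 2 ]; then          # usage: ./stores.sh <output-dir> <server-host>
  build_mutual_tls_stores "$1" "$2"
  entry_type "$1/serverkey.jks" mycert     # store that holds the private key
  entry_type "$1/clienttrust.jks" mycert   # store that holds only the certificate
  cert_cn "$1/mypub.cer"                   # must equal the host in the URL
fi
```

A store handed to the peer should list only trustedCertEntry; a PrivateKeyEntry belongs only in the store that stays with its owner. The "unable to find valid certification path" error is what the connecting side reports when its truststore lacks the peer's certificate or its issuer.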


Re: [implementation on an internal system host] Authenticate user in Service Engine

Posted by jlbarrera <jl...@sadiel.es>.
Thank you very much.
You are using SSL in the consumer role, but I need to do it in the provider
role. I know that the syntax is the same for both roles, but I think the way
of creating the keystore must be different, because I received an
error:

    unable to find valid certification path to requested target

I think that I didn't create the keystore in the correct way.

Regards!



-- 
View this message in context: http://www.nabble.com/Authenticate-user-in-Service-Engine-tf3016263s12049.html#a9438364
Sent from the ServiceMix - User mailing list archive at Nabble.com.


Re: Authenticate user in Service Engine

Posted by wizard <an...@gmail.com>.
This is our xbean.xml:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns:http="http://servicemix.apache.org/http/1.0"
       xmlns:sa="http://sa"
       xmlns:sahs="http://sa/hs">

  <classpath>
    <location>.</location>
  </classpath>

  <http:endpoint service="sahs:hs"
                 endpoint="porths"
                 role="consumer"
                 locationURI="https://0.0.0.0:8192/Service/"
                 defaultMep="http://www.w3.org/2004/08/wsdl/in-out"
                 targetEndpoint="portseh"
                 targetService="sa:sajbiseHTTP">
    <http:ssl>
      <http:sslParameters keyStore="conf/serverkey.jks"
                          keyStorePassword="my_keystore_password"
                          needClientAuth="true"/>
    </http:ssl>
  </http:endpoint>
</beans>


The keystore file was created using keytool.exe from java.
Hope this helps...



-- 
View this message in context: http://www.nabble.com/Authenticate-user-in-Service-Engine-tf3016263s12049.html#a9395564
Sent from the ServiceMix - User mailing list archive at Nabble.com.