You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fortress@directory.apache.org by "Oleksandr Bodriagov (Polystar)" <ol...@polystar.com> on 2015/05/03 12:14:20 UTC
Apache Fortress clients with certificates
Hi,
I wonder if there is any way for Fortress to work with clients that have
certificates instead of passwords. I am interested in operations like
checkAccess and rbacPerms.
/Oleksandr
Re: Apache Fortress clients with certificates
Posted by "Oleksandr Bodriagov (Polystar)" <ol...@polystar.com>.
Great! Thanks for saying about ³isTrusted².
/Oleksandr
On 3/5/2015 15:22 , "Shawn McKinney" <sm...@apache.org> wrote:
>
>> On May 3, 2015, at 5:14 AM, Oleksandr Bodriagov (Polystar)
>><ol...@polystar.com> wrote:
>>
>>
>> I wonder if there is any way for Fortress to work with clients that have
>> certificates instead of passwords. I am interested in operations like
>> checkAccess and rbacPerms.
>
>Currently a client of fortress may validate a certificate (outside of
>fortress), extract the identity, and call createSession with isTrusted
>set to true. This allows the rbac session to be returned to the client
>without the need to validate a password.
>
>As a future enhancement I would support an enhancement request where
>fortress accepts the certificate from the client, performs the
>certificate validation, within the createSession API. Patches welcome.
>:-)
>
>Shawn
>smckinney@apache.org
Re: Apache Fortress clients with certificates
Posted by Shawn McKinney <sm...@apache.org>.
> On May 3, 2015, at 5:14 AM, Oleksandr Bodriagov (Polystar) <ol...@polystar.com> wrote:
>
>
> I wonder if there is any way for Fortress to work with clients that have
> certificates instead of passwords. I am interested in operations like
> checkAccess and rbacPerms.
Currently a client of fortress may validate a certificate (outside of fortress), extract the identity, and call createSession with isTrusted set to true. This allows the rbac session to be returned to the client without the need to validate a password.
As a future enhancement I would support an enhancement request where fortress accepts the certificate from the client, performs the certificate validation, within the createSession API. Patches welcome. :-)
Shawn
smckinney@apache.org