You are viewing a plain text version of this content. The canonical link for it is here.

Posted to java-user@axis.apache.org by "Philippe A." <fu...@gmail.com> on 2009/11/30 17:40:18 UTC

Problems with https mutual auth

I have successfully setup one way https authentication between my web
service client and server. The next step is to enable two-way auth but I'm
having problems doing it.

To make sure two-way auth kicks in, I wanted to have client auth fail on
purpose. However, client requests are not rejected as planned.

In axis2.xml, I have added the following:

        <parameter name="truststore" locked="false">
            <TrustStore>
                <Location>trust.jks</Location>
                <Type>JKS</Type>
                <Password>changeit</Password>
            </TrustStore>
        </parameter>
        <parameter name="SSLVerifyClient">require</parameter>

I volontarily left the trust store empty. I have left services.xml
unchanged, as well as my client.

Can anyone tell me what I am missing?

I'm using Axis2 1.4.1 and Rampart 1.4.

Thanks!

Re: Problems with https mutual auth

Posted by "Philippe A." <fu...@gmail.com>.

Hello Thilina,

I am using the standalone Axis2 server. I had a look at
HttpCoreNIOSSLListener.java and confirmed <parameter name="SSLVerifyClient">
should do the same as client-auth.

Maybe I have missed something. I won't have time to go back to this since we
have decided to stick to one-way auth for now. If anyone successfully
configures two-way auth with the simple axis server, I'd like to hear from
you.

Thanks!

2009/12/3 Thilina Mahesh Buddhika <th...@gmail.com>

> Hi Phillipe,
>
> I think you have to enable "client-auth" in the application server/servlet
> container where you have deployed Axis2.
>
> For example, in Tomcat, there is a parameter named "clientAuth" which is by
> default set to "false" in SSL Configuration section.  By setting its value
> to "true" you can force two-way authentication in SSL handshake.
>
> Thanks.
> /thilina
>
> Thilina Mahesh Buddhika
> http://blog.thilinamb.com
>
>
> On Mon, Nov 30, 2009 at 10:10 PM, Philippe A. <fu...@gmail.com> wrote:
>
>> I have successfully setup one way https authentication between my web
>> service client and server. The next step is to enable two-way auth but I'm
>> having problems doing it.
>>
>> To make sure two-way auth kicks in, I wanted to have client auth fail on
>> purpose. However, client requests are not rejected as planned.
>>
>> In axis2.xml, I have added the following:
>>
>>         <parameter name="truststore" locked="false">
>>             <TrustStore>
>>                 <Location>trust.jks</Location>
>>                 <Type>JKS</Type>
>>                 <Password>changeit</Password>
>>             </TrustStore>
>>         </parameter>
>>         <parameter name="SSLVerifyClient">require</parameter>
>>
>> I volontarily left the trust store empty. I have left services.xml
>> unchanged, as well as my client.
>>
>> Can anyone tell me what I am missing?
>>
>> I'm using Axis2 1.4.1 and Rampart 1.4.
>>
>> Thanks!
>>
>
>

Re: Problems with https mutual auth

Posted by Thilina Mahesh Buddhika <th...@gmail.com>.

Hi Phillipe,

I think you have to enable "client-auth" in the application server/servlet
container where you have deployed Axis2.

For example, in Tomcat, there is a parameter named "clientAuth" which is by
default set to "false" in SSL Configuration section.  By setting its value
to "true" you can force two-way authentication in SSL handshake.

Thanks.
/thilina

Thilina Mahesh Buddhika
http://blog.thilinamb.com


On Mon, Nov 30, 2009 at 10:10 PM, Philippe A. <fu...@gmail.com> wrote:

> I have successfully setup one way https authentication between my web
> service client and server. The next step is to enable two-way auth but I'm
> having problems doing it.
>
> To make sure two-way auth kicks in, I wanted to have client auth fail on
> purpose. However, client requests are not rejected as planned.
>
> In axis2.xml, I have added the following:
>
>         <parameter name="truststore" locked="false">
>             <TrustStore>
>                 <Location>trust.jks</Location>
>                 <Type>JKS</Type>
>                 <Password>changeit</Password>
>             </TrustStore>
>         </parameter>
>         <parameter name="SSLVerifyClient">require</parameter>
>
> I volontarily left the trust store empty. I have left services.xml
> unchanged, as well as my client.
>
> Can anyone tell me what I am missing?
>
> I'm using Axis2 1.4.1 and Rampart 1.4.
>
> Thanks!
>