summaryrefslogtreecommitdiffstats
path: root/pki/base/kra/shared/webapps/kra/WEB-INF/auth.properties
Commit message (Collapse)AuthorAgeFilesLines
* Removed unnecessary pki folder.Endi Sukma Dewata2012-03-261-16/+0
| | | | | | | | | Previously the source code was located inside a pki folder. This folder was created during svn migration and is no longer needed. This folder has now been removed and the contents have been moved up one level. Ticket #131
* Provide Custom PKI JNDI Realm.Jack Magne2012-03-121-0/+16
Provide a Realm that provides the following: 1. Allows SSL client certificate authentation upon protected URLs. For now we are protecting the new DRM Rest functions. 2. Allows simple PKI ACL checking like we have in the current server. This is accomplished with the help of a simple file that maps URLs to ACL resourceIDs and operations. 3. DRMRestClient now support SSL Client authentication to test the feature. How to test this: Install new KRA server, after installing build pki-core rpm. Uncomment "PKIJNDIRealm" settings in conf/server.xml Some customization will be needed for instance specific info. See the sample in server.xml. Uncomment the "Security Constraint" and "login-config" settings webapps/kra/WEB-INF/web.xml In running DRMTest.java in eclipse do the following: Change the arguments to support SSL Client auth such as: -h localhost -p 10443 -w secret -d ~/archive-test -s true -c "KRA Administrator of Instance pki-kra's SjcRedhat Domain ID" where the new flags are -s = true for SSL and -c = <client auth cert name> Export the KRA's admin/agent client auth cert from Firefox to a pk12 file. Import this cert into ~/archive-test by using "pk12util" utility. Run the DRMTest.java program in eclipse and observe the results. There should be a prompt for a client cert.