SubjectCNMapper is not invoked with CertificatesRoles login-module in EAP6
Issue
-
SubjectCNMapper is not invoked with CertificatesRoles login-module
- When using the
CertRolesLoginModuleto performCLIENT_CERTauthentication with EAP 6.0.1. -
With a configured security-domain that maps
SubjectCNMapperto a value ofCNin the certificate, (instead ofDNto aPrincipal).<security-domain name="mySecurityDomain" cache-type="default"> <authentication> <login-module code="CertificateRoles" flag="required"> <module-option name="securityDomain" value="mySecurityDomain"/> <module-option name="verifier" value="org.jboss.security.auth.certs.AnyCertVerifier"/> <module-option name="rolesProperties" value="${project.build.outputDirectory}/config/roles.properties"/> </login-module> </authentication> <mapping> <mapping-module code="org.jboss.security.mapping.providers.principal.SubjectCNMapper" type="principal" /> </mapping> <jsse truststore-url="${project.build.outputDirectory}/config/ServerTrustStore.jks" truststore-password="password" truststore-type="jks" client-auth="true" keystore-url="${project.build.outputDirectory}/config/ServerKeyStore.jks" keystore-password="password" keystore-type="jks" /> </security-domain>
- When using the
Environment
- JBoss Enterprise Application Platform (EAP)
- 6.x
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
