Foren

  1. Startseite
  2. Development
  3. Validate client ssl certificate

Validate client ssl certificate

david monichi, geändert vor 8 Jahren.

Validate client ssl certificate

New Member Beiträge: 5 Beitrittsdatum: 08.05.15 Neueste Beiträge
Hello,

I'm trying to validate a SSL client certificate for a whole site. The idea is to register a Liferay Hook, or something similar, who reads the client certificate and validates it.
Further, after validation, this hook should add validation information to the session so that Liferay-Portlets in this site can analyze the validation information and act accordingly.

At the moment I'm little bit lost and have not really an idea how to start. Is this possible in Liferay?

Would be great if somebody could help me out with some idea or already existing liferay components.

Thx in advance

/david
thumbnail
David H Nebinger, geändert vor 8 Jahren.

RE: Validate client ssl certificate

Liferay Legend Beiträge: 14918 Beitrittsdatum: 02.09.06 Neueste Beiträge
It's not liferay's responsibility to terminate SSL (thus validating certificates), it is the app container's responsibility.
david m, geändert vor 8 Jahren.

RE: Validate client ssl certificate

New Member Beiträge: 5 Beitrittsdatum: 08.05.15 Neueste Beiträge
Hello David,

only for clarification, does that mean that if I'm using JBoss as Application Container I need to find a solution for/in JBoss? Any hint or search keys for google?

Thx for your help

/david
thumbnail
David H Nebinger, geändert vor 8 Jahren.

RE: Validate client ssl certificate

Liferay Legend Beiträge: 14918 Beitrittsdatum: 02.09.06 Neueste Beiträge
Well, admittedly I'm not sure what you're trying to do.

When the server is using SSL there's only one certificate, the server's certificate. The clients (the browsers) are responsible for verifying the certificate given is authentic for the server.

If you're writing a web service client, well that is typically responsible for the validation activities but that is easily handled by adding the certs to the JVM's keystore.

But every action will depend upon what, exactly, you're trying to accomplish.
david m, geändert vor 8 Jahren.

RE: Validate client ssl certificate

New Member Beiträge: 5 Beitrittsdatum: 08.05.15 Neueste Beiträge
Using SSL there is also the possiblity to autenticate the client on server side. That's actually what I would like to do.

The first step is of course that the client verifies the servers certificate. Afterwards the client sends his certificate to the server who now can now verify if the client is trusted and has access to the site. This second step is my problem at the moment, specially since I would like to register it once and use the validation result in more then one portlet.

But anyway, I will check a solution for JBoss following your first answer. But all ideas appreciated ;)

/david
thumbnail
David H Nebinger, geändert vor 8 Jahren.

RE: Validate client ssl certificate

Liferay Legend Beiträge: 14918 Beitrittsdatum: 02.09.06 Neueste Beiträge
Gotcha. Let me see what I can find...
david m, geändert vor 8 Jahren.

RE: Validate client ssl certificate

New Member Beiträge: 5 Beitrittsdatum: 08.05.15 Neueste Beiträge
I checked various possible solution and will try with an AutoLogin Hook ...

Will update this thread once I have more information

/david
david m, geändert vor 8 Jahren.

RE: Validate client ssl certificate

New Member Beiträge: 5 Beitrittsdatum: 08.05.15 Neueste Beiträge
I used an action hook registered as login.events.post action. Still a problem is that I would like to register it only for a given site but Application Adapter allow only to replace JSP's.
Further I used shared session attributes so that I have a single validation application usable by various portlets.

/david