Mutual authentication support


Openfire currently supports mutual authentication for clients. This functionality is to be improved in the following way:

  • The key store used exclusively for mutual authentication certificates needs to be manageable through the admin panel.

  • In the admin panel, a visual indicator should be present for sessions that have established mutual authentication

  • It should be possible to have different mutual authentication requirements for different types of connections (BOSH vs. Non-Bosh, for example)




Guus der Kinderen
June 2, 2015, 7:19 AM

Mutual authentication is now configurable in the SSL Security Page (under 'custom'). On the session overview page, a session will have two small arrow over the lock arrow when mutual mutual authentication has been established.

Guus der Kinderen
March 27, 2015, 1:41 PM

This issue introduces the new property httpbind.client.cert.policy, which behaves similar to the pre-existing xmpp.client.cert.policy. The latter now affects non-BOSH sessions only, while the former affects solely BOSH sessions.

As a result of OF-893, mutual authentication was not working for BOSH. Introducing a new property to configure its usage won't introduce any backwards compatibility issues (as the existing behavior was not influences by the original property in the first place).



Guus der Kinderen


Guus der Kinderen