Mutual authentication support

Description

Openfire currently supports mutual authentication for clients. This functionality is to be improved in the following way:

The key store used exclusively for mutual authentication certificates needs to be manageable through the admin panel.
In the admin panel, a visual indicator should be present for sessions that have established mutual authentication
It should be possible to have different mutual authentication requirements for different types of connections (BOSH vs. Non-Bosh, for example)

Environment

None

Acceptance Test - Entry

None

Activity

Show:

Guus der Kinderen

March 27, 2015, 1:41 PM

Copy link to comment

This issue introduces the new property httpbind.client.cert.policy, which behaves similar to the pre-existing xmpp.client.cert.policy. The latter now affects non-BOSH sessions only, while the former affects solely BOSH sessions.

As a result of OF-893, mutual authentication was not working for BOSH. Introducing a new property to configure its usage won't introduce any backwards compatibility issues (as the existing behavior was not influences by the original property in the first place).

Guus der Kinderen

June 2, 2015, 7:19 AM

Copy link to comment

Mutual authentication is now configurable in the SSL Security Page (under 'custom'). On the session overview page, a session will have two small arrow over the lock arrow when mutual mutual authentication has been established.

Fixed

Assignee

Guus der Kinderen

Reporter

Guus der Kinderen

Labels

None

Expected Effort

None

Ignite Forum URL

None

Fix versions

4.0.0

Priority

Major

Configure