
Customizing Client Authentication in IBM WebSphere

We have an application running in a WAS 8.5 server. The application has two external Service invocations, hitting 2 different third-party systems, in which one Service (Service2/Server2) requires Client Authentication.

Please refer to the diagram for reference.

[Diagram: Server2 <-- Client --> Server1 handshake]

For Server1, we have shared a Client Certificate with them and the handshaking is perfect.

For Server2, which doesn't require Client Authentication, it fails during handshaking. What we could find out is that, during handshaking, the server tries to authenticate the Client (assuming that Client Authentication is SUPPORTED at Server2, but not REQUIRED). Since the Client KeyStore has the Client Certificate, it's being used for the handshaking process, which is failing because this client certificate is not present in the Server2 Truststore.

My question is whether it is possible to not send the Client Certificate to Server2 even if the Server supports Client Authentication.

Hope this question is understandable.

Note 1: We don't have any control over Server1 or Server2, and we don't expect any changes from these third-party Services to make this work.

Note 2: Service2 works perfectly without the Client Certificate in the Client Keystore. Please refer to the diagram for Server2-Client SSL Handshaking, which is perfectly working.

[Diagram: Client --> Server2 handshake]

Expecting help from someone who is proficient in WebSphere SSL configurations.

Thank you, Sanooj

In short:

You have to create 2 separate dynamic outbound SSL configs (see here for details), assuming your 2 external services have different URLs. The one that needs CertAuth will have the cert in the keystore; the other will not (you need 2 different SSL Configs).
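The answer above describes the WebSphere admin-console configuration. The following is an added example, not from the original post or from IBM, showing the same idea at the plain JSSE level that WebSphere's SSL configs sit on: one SSLContext per endpoint, where the Server2 context is initialised with no KeyManager at all, so the client has no certificate to offer when Server2 sends a CertificateRequest and the handshake completes with an empty client Certificate message (which a server that merely supports, but does not require, client authentication accepts). The host names, keystore paths and passwords are placeholders chosen for this illustration.

```java
import java.io.FileInputStream;
import java.net.URI;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

/** Picks a per-endpoint SSLContext so the client certificate is only ever offered to Server1. */
public class PerEndpointSslContext {

    // Placeholder endpoints and stores (assumed for this example, not from the original post).
    static final String SERVER1_HOST = "server1.example.invalid";   // requires client auth
    static final String SERVER2_HOST = "server2.example.invalid";   // supports but does not require it
    static final String CLIENT_KEYSTORE = "/path/to/client-keystore.p12";
    static final char[] CLIENT_KEYSTORE_PW = "changeit".toCharArray();
    static final String TRUSTSTORE = "/path/to/truststore.p12";
    static final char[] TRUSTSTORE_PW = "changeit".toCharArray();

    /** Trust managers are shared: both endpoints' server certificates are validated the same way. */
    static TrustManager[] trustManagers() throws Exception {
        KeyStore ts = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(TRUSTSTORE)) {
            ts.load(in, TRUSTSTORE_PW);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        return tmf.getTrustManagers();
    }

    /** Context for Server1: the keystore holding the client certificate is wired in as a KeyManager. */
    static SSLContext contextWithClientCert() throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(CLIENT_KEYSTORE)) {
            ks.load(in, CLIENT_KEYSTORE_PW);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, CLIENT_KEYSTORE_PW);
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(kmf.getKeyManagers(), trustManagers(), null);
        return ctx;
    }

    /**
     * Context for Server2: passing null KeyManagers means JSSE has no client key to choose
     * from, so a CertificateRequest is answered with an empty certificate list instead of
     * the Server1 certificate that Server2's truststore does not contain.
     */
    static SSLContext contextWithoutClientCert() throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, trustManagers(), null);
        return ctx;
    }

    /** Selects the context by target host, the way a dynamic outbound SSL config selects by endpoint. */
    static SSLContext contextFor(URI target) throws Exception {
        String host = target.getHost();
        if (SERVER1_HOST.equalsIgnoreCase(host)) {
            return contextWithClientCert();
        }
        // Default for everything else, including Server2: never present a client certificate.
        return contextWithoutClientCert();
    }

    /** Opens an HTTPS connection using the per-endpoint context rather than the JVM-wide default. */
    static HttpsURLConnection open(URI target) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) new URL(target.toString()).openConnection();
        conn.setSSLSocketFactory(contextFor(target).getSocketFactory());
        return conn;
    }

    public static void main(String[] args) throws Exception {
        URI service2 = URI.create("https://" + SERVER2_HOST + "/service2");
        HttpsURLConnection conn = open(service2);
        System.out.println("Server2 responded with HTTP " + conn.getResponseCode());
    }
}
```

In WebSphere the same split is expressed as two SSL configurations, one whose keystore contains the client certificate and one whose keystore does not, with a dynamic outbound endpoint selection mapping each service's host and port to its configuration; the point of this example is only to show why the selection must be per endpoint: any context that can see the client key will present it when asked.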
