18 May
2011
18 May
'11
10:52 p.m.
Ok, I believe I have figured it out, and I must say it was around the world
to do so.
It turns out the way you get the server to ask the browser for the clients
certificates is to set a directive in Apache "SSLVerifyClient require". I am
working on code that was created by others before me, so I stupidly assumed
it was setup correctly, and it wasn't. So problem solved.
Thanks for all that tried to help.
Lenny
-----Original Message-----
From: users-bounces(a)xwiki.org [mailto:users-bounces@xwiki.org] On Behalf Of
Scardino,Leonard R Jr ERDC-ITL-MS Contractor
Sent: Wednesday, May 18, 2011 2:21 PM
To: XWiki Users
Subject: Re: [xwiki-users] X509Certificate is null
Ok, that is one I will have to remember. Looks like that will give you
access to a lot of useful things.
However, I now don't think the X509CryptoService will help. The certFromPEM
expects you to send it the certificate as a string, which at first I didn't
realize. I'm getting the certificate from a smart card. In my other webapp,
when I do a request.getAttribute("javax.servlet.request.X509Certificate"),
the return value is an array of X509Certificates. I don't know how to get
that in Xwiki.
So I'm going a different route until I can figure this out because of my time
crunch. It's convoluted, and involves using the other webapp that does let
me grab the certificates to do the authentication, then sending the info back
to Xwiki so I can do the login. It's a terrible solution versus doing the
authentication in the Xwiki webap, but I don't have days to figure it out.
Thanks again for the help. If you or anyone else has more suggestions please
bring them on.
Lenny
-----Original Message-----
From: users-bounces(a)xwiki.org [mailto:users-bounces@xwiki.org] On Behalf Of
Caleb James DeLisle
Sent: Wednesday, May 18, 2011 2:17 PM
To: XWiki Users
Subject: Re: [xwiki-users] X509Certificate is null
On 05/18/2011 01:03 PM, Scardino, Leonard R Jr ERDC-ITL-MS Contractor wrote:
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
Thanks for the reply.
Unfortunately I've tried that and I'm still not getting anything back.
My current track for making this work is using the Cryptographic
Module which seems to have a $services.crypto.x509.certFromPEM() that
works in a velocity template. However, I need this for login
purposes, so I need to know how to get that $services variable in my
custom
AuthServiceImpl.
import org.xwiki.crypto.x509.X509CryptoService;
import com.xpn.xwiki.web.Utils;
X509CryptoService service = Utils.getComponent(X509CryptoService.class);
service.certFromPEM(....);
That should do the trick.
Caleb
This may not work
at all, but it seems like the most likely path to take.
Still open for more suggestions though.
Lenny
-----Original Message-----
From: users-bounces(a)xwiki.org [mailto:users-bounces@xwiki.org] On
Behalf Of Caleb James DeLisle
Sent: Wednesday, May 18, 2011 11:36 AM
To: XWiki Users
Subject: Re: [xwiki-users] X509Certificate is null
Hi,
Client certs sounds like a neat project.
When you are using scripting such as {{groovy}}, the "request"
variable will be set to this:
https://github.com/xwiki/xwiki-platform/blob/master/xwiki-platform-cor
e/xwiki
-platform-oldcore/src/main/java/com/xpn/xwiki/web/XWikiServletRequest.
java That is a wrapper around the actual HttpServletRequest but it
appears that
getAttribute() passes directly through.
If you want to use the real servlet request so you can test better,
you can call
getHttpServletRequest() then use that.
Good luck,
Caleb
On 05/18/2011 11:38 AM, Scardino, Leonard R Jr ERDC-ITL-MS Contractor
wrote:
Xwiki version:
2.7.33656
Ok, so I have a different webapp running on the same instance of
Tomcat as Xwiki, and I'm able to make a
getAttribute("javax.servlet.request.X509Certificate") call and am
able to get the clients certificates. However, in my custom login
for Xwiki when I try the same thing, it just returns null. I've also
tried creating a JSP in the Xwiki webapp that does nothing but call
request.getAttribute("javax.servlet.request.X509Certificate") and it
still returns null.
Anyone have any idea why this would be the case? As far as I can
tell I have Tomcat configured correctly as I'm able to get the
clients certs in a different webapp.
Is Xwiki pulling this attribute and storing it elsewhere? Or is this
perhaps a struts issue?
Any help would be greatly appreciated. Unfortunately I've been given
a short deadline on this.
Thanks,
Lenny
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users