  1. James Server
  2. JAMES-3672

TLS authentication via client certificate

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Done
    • master
    • 3.7.0
    • None
    • None

    Description

      In order to limit access to trusted partners/users only, James should support TLS with certificate-based client authentication.

      For this purpose, TLS configuration is extended with the desired authentication mode (none, optional, required), and the associated trust store to validate any received client certificates. Example:

      <tls socketTLS="true" startTLS="false">
        <keystore>file://conf/keystore</keystore>
        <keystoreType>JKS</keystoreType>
        <secret>yoursecret</secret>
      
        <clientAuth required="true">
          <truststore>file://conf/truststore</truststore>
          <truststoreType>JKS</truststoreType>
          <truststoreSecret>yoursecret</truststoreSecret>
        </clientAuth>
      </tls>

      This is implemented mostly in AbstractConfigurableAsyncServer and associated Netty infrastructure.

      T-Shirt size M.
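
How the three authentication modes named in the description map onto a JSSE server engine, as an added example that is not code from the James project or from the issue reporter. `ClientAuthMode` and the method names are hypothetical; `main` assumes the keystore and truststore files from the example configuration exist.

```java
import javax.net.ssl.*;
import java.io.InputStream;
import java.nio.file.*;
import java.security.KeyStore;

// Added illustration using plain JSSE; not code from the James project.
// ClientAuthMode and all method names here are hypothetical.
public class ClientAuthExample {
    enum ClientAuthMode { NONE, OPTIONAL, REQUIRED }

    static KeyStore load(String path, String type, char[] secret) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(Paths.get(path))) { ks.load(in, secret); }
        return ks;
    }

    // Server identity comes from the keystore; client certificates must chain to a trust store entry.
    static SSLContext context(KeyStore keys, char[] secret, KeyStore trust) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, secret);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    static SSLEngine serverEngine(SSLContext ctx, ClientAuthMode mode) {
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);
        // need/want are mutually exclusive: setting one clears the other, so set exactly one.
        if (mode == ClientAuthMode.REQUIRED) engine.setNeedClientAuth(true);       // no certificate: handshake fails
        else if (mode == ClientAuthMode.OPTIONAL) engine.setWantClientAuth(true);  // no certificate: handshake continues
        return engine;
    }

    // In OPTIONAL mode a completed handshake does not imply an authenticated client; check the session.
    static boolean clientAuthenticated(SSLSession session) {
        try { return session.getPeerCertificates().length > 0; }
        catch (SSLPeerUnverifiedException e) { return false; }
    }

    public static void main(String[] args) throws Exception {
        char[] secret = "yoursecret".toCharArray(); // values taken from the example configuration
        SSLContext ctx = context(load("conf/keystore", "JKS", secret), secret, load("conf/truststore", "JKS", secret));
        for (ClientAuthMode mode : ClientAuthMode.values()) {
            SSLEngine e = serverEngine(ctx, mode);
            System.out.println(mode + ": need=" + e.getNeedClientAuth() + " want=" + e.getWantClientAuth());
        }
    }
}
```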

            People

              Assignee: Unassigned
              Reporter: kotto Karsten Otto
                Time Tracking

                  Original Estimate: Not Specified
                  Remaining Estimate: 0h
                  Time Spent: 7h 40m