if (null != certs && certs.length > 0) {
sharedState.put(CmsAuthUtils.SHARED_STATE_NAME, certs[0].getSubjectX500Principal().getName());
sharedState.put(CmsAuthUtils.SHARED_STATE_CERTIFICATE_CHAIN, certs);
+ } else {
+ // When client has been verified by reverse proxy
+ String certDn = req.getHeader("SSL_CLIENT_S_DN");
+ if (certDn != null) {
+ sharedState.put(CmsAuthUtils.SHARED_STATE_NAME, certDn);
+ String issuerDn = req.getHeader("SSL_CLIENT_I_DN");
+ sharedState.put(CmsAuthUtils.SHARED_STATE_CERTIFICATE_CHAIN, issuerDn);
+ }
}
}
import java.io.IOException;
import java.security.PrivilegedAction;
-import java.security.cert.X509Certificate;
import java.time.Instant;
import java.util.Arrays;
import java.util.HashSet;
UserAdmin userAdmin = Activator.getUserAdmin();
final String username;
final char[] password;
- X509Certificate[] certificateChain = null;
+ Object certificateChain = null;
if (sharedState.containsKey(CmsAuthUtils.SHARED_STATE_NAME)
&& sharedState.containsKey(CmsAuthUtils.SHARED_STATE_PWD)) {
// NB: required by Basic http auth
e.printStackTrace();
return false;
}
- username = ldapName.getRdn(ldapName.size()-1).getValue().toString();
- certificateChain = (X509Certificate[]) sharedState.get(CmsAuthUtils.SHARED_STATE_CERTIFICATE_CHAIN);
+ username = ldapName.getRdn(ldapName.size() - 1).getValue().toString();
+ certificateChain = sharedState.get(CmsAuthUtils.SHARED_STATE_CERTIFICATE_CHAIN);
password = null;
} else if (singleUser) {
username = OsUserUtils.getOsUsername();