GeeCON Prague 2014*
The moose likes Security and the fly likes Configuring PKI authentication using Apache Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


JavaRanch » Java Forums » Engineering » Security
Bookmark "Configuring PKI authentication using Apache" Watch "Configuring PKI authentication using Apache" New topic
Author

Configuring PKI authentication using Apache

Bob Talbert
Greenhorn

Joined: Mar 26, 2013
Posts: 4
I am trying to implement PKI authentication on a service that currently uses HTTP Basic Authentication. This service runs on a tomcat server and all requests go through an apache HTTP server. I am trying to update the service so it can support both username/password and PKI client authentication.

Right now I am thinking doing the PKI authentication at the apache server level so that my service deployed on tomcat will not need to be affected.

The idea that I have now is to have the apache server authenticate the client's certificate and then add the HTTP basic authentication header to the request going into tomcat by looking up the username and password of the user from the Directory Server.

From my research into Apache I found that there is an SSL Option in Apache called FakeBasicAuth which will create add a HTTP basic authentication header to the request, but the issue I have with it is that the password is hardcoded to "password." Is there a module for apache that can do what FakeBasicAuth is doing, but instead of hardcoding password, will look up the user credentials in a directory server?

If not, is there another approach that you can recommend for enabling PKI authentication on my service?

 
GeeCON Prague 2014
 
subject: Configuring PKI authentication using Apache