Our objective:
I am using a client certificate to identify a proxy server to the SAP Portal. The SAP ClientCertLoginModule does this, but it uses it to identify the user. I just want to use a client certificate in order to lock down access from a proxy server to the Portal (7.3).
The SAP module works, but it assumes the user identity is part of the certificate and won't let me change the user to a header variable that is on the request. I've created a custom login module based on the ClientCertLoginModule that currently exists in the SAP Portal (7.3) as per our other requirements.
When calling the callbackHandler, I'm not getting the client certificate from the request. When I use the SAP-provided login module (ClientCertLoginModule), it brings back the client certificate from the request.
Here is sample code:
-----
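// Ask the callback handler for the client certificate chain on the request.
X509CertificateChainCallback clientChainCallback = new X509CertificateChainCallback();
callbackHandler.handle(new Callback[] { clientChainCallback });
// Read back the chain the handler filled in.
tempCerts = clientChainCallback.getCertificateChain();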
-----
tempCerts comes back null. It should have a client certificate.
I know that there is a client certificate in the request. When I use my code it comes back without the client certificate in the request. Does anybody have any idea why I'm not getting the client certificate in the request? Below is the result of the SAP ClientCertLoginModule.
1. com.sap.engine.services.security.server.jaas.ClientCertLoginModule OPTIONAL ok true true
#1 Rule1.AttributeName = O
#2 Rule1.filterSubject = CN=wssoproxytest, O=CompanyName
#3 Rule1.getUserFrom = SubjectName
It finds the client certificate when using the SAP ClientCertLoginModule.
When I try my custom ClientCertLoginModuleTest code, it doesn't find the certificate.
I have looked in the SCN forums, but I did not find how to check whether the certificate is available or not.
Thanks, Mark