Project

General

Profile

Support #479

Two way authentication using SSL

Added by Yakub Moriswala over 6 years ago. Updated over 6 years ago.

Status:
Feedback
Priority:
Normal
Assignee:
Category:
XMPP
Target version:
-
Start date:
01/19/2013
Due date:
% Done:

0%

Estimated time:
Close

Description

Hi,

I want to implement two way authentication using SSL. I checked the server authentication working good but now I want to authenticate users using client certificates.

Is there any implementation awailable for client authentication in Beem ?

Any help would be appriciated.

Thanks,
Yakub Moriswala

History

#1 Updated by Yakub Moriswala over 6 years ago

[+additionally]

We are using Openfire XMPP server.

#2 Updated by Frédéric Barthéléry over 6 years ago

  • Category changed from XMPP-Jingle to XMPP
  • Status changed from New to Feedback
  • Priority changed from High to Normal
  • Target version deleted (Dev)

SSL mutual authentication is set by the standard java mechanism to create SSL sockets. This is a starting point to implement it in Beem.
In the BeemService class, we use a custom SSLContext and set it in the initMemorizingTrustManager(). You have to configure this SSLContext to do mutual SSL authentication.

Then according to http://tools.ietf.org/html/rfc6120 and http://xmpp.org/extensions/xep-0178.html
the server should present the EXTERNAL SASL mechanism. This mechanism is currently not supported in aSmack, but it is pretty simple to handle it. An implementation already exist in Smack but was disabled in aSmack.

These type of questions should be sent on the mailing list for more broader audience

#3 Updated by Yakub Moriswala over 6 years ago

Frédéric Barthéléry wrote:

SSL mutual authentication is set by the standard java mechanism to create SSL sockets. This is a starting point to implement it in Beem.
In the BeemService class, we use a custom SSLContext and set it in the initMemorizingTrustManager(). You have to configure this SSLContext to do mutual SSL authentication.

Then according to http://tools.ietf.org/html/rfc6120 and http://xmpp.org/extensions/xep-0178.html
the server should present the EXTERNAL SASL mechanism. This mechanism is currently not supported in aSmack, but it is pretty simple to handle it. An implementation already exist in Smack but was disabled in aSmack.

These type of questions should be sent on the mailing list for more broader audience

Thanks for the initial startup!!!

Also available in: Atom PDF