June 29, 2016 at 1:58 am #11698 Gregory Wright Participant
I have a few questions with regard to the server-side scripting capability for policy conditions added in OpenAM 13:
* Does the HTTP client interface support HTTPS with mutual PKI authentication, for accessing web services that require a client PKI certificate?
* If so, how does OpenAM choose the client certificate to be used?
* Is there a way to perform a database query from within a server-side Groovy script, to look up information that does not reside within the LDAP repository (such as resource metadata)?
Basically we’re looking at scripting as a way to eliminate the need to build custom Java modules to reach out to a database or web service to pull in additional information about a protected resource while evaluating policy conditions.
Thank you!

July 7, 2016 at 11:11 am #11899 Jamie Bowen Moderator
The OpenAM team are really busy finishing off a release this week and will get around to answering some questions on the forum next week if no-one else helps in the meantime.
Jamie

August 24, 2016 at 11:18 pm #12737 Gregory Wright Participant
@jamiebowen would it be possible to get someone to look at this? Circling back around to this finally, and would love to have an answer.

August 25, 2016 at 10:51 pm #12778 Peter Major Moderator
Usually client authentication is done by using the private key coming from the configured keystore (javax.net.ssl.keyStore JVM property). If you only have one key in it, then that will be used. If there are multiple keys, then I don’t really know what happens. :)
Writing the condition in Java is maybe a little bit more work, but it will be more performant in the end and you won’t have to worry about API limitations.
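
An added example, not part of any post above and not OpenAM code: a plain JSSE sketch that lists the key entries in the keystore named by `javax.net.ssl.keyStore` and, given an alias, builds an `SSLContext` whose key manager always presents that one entry, so the client certificate does not depend on how many keys the store holds. The class name `PinnedClientKey` and helper `pin` are hypothetical, the key password is assumed to equal the keystore password, and whether OpenAM's scripting HTTP client can be handed such a context is not covered by this thread.

```java
import java.io.FileInputStream;
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.*;

public class PinnedClientKey {
    /** Wraps the default key manager but always answers with one fixed client alias. */
    static X509ExtendedKeyManager pin(X509KeyManager d, String alias) {
        return new X509ExtendedKeyManager() {
            public String chooseClientAlias(String[] t, Principal[] i, Socket s) { return alias; }
            public String chooseEngineClientAlias(String[] t, Principal[] i, SSLEngine e) { return alias; }
            public String[] getClientAliases(String t, Principal[] i) { return new String[] { alias }; }
            // This context is for outbound connections only: never offer a server identity.
            public String chooseServerAlias(String t, Principal[] i, Socket s) { return null; }
            public String[] getServerAliases(String t, Principal[] i) { return null; }
            public X509Certificate[] getCertificateChain(String a) { return d.getCertificateChain(a); }
            public PrivateKey getPrivateKey(String a) { return d.getPrivateKey(a); }
        };
    }

    public static void main(String[] args) throws Exception {
        String path = System.getProperty("javax.net.ssl.keyStore");
        if (path == null) throw new IllegalStateException("javax.net.ssl.keyStore is not set");
        // Assumption: key entries use the same password as the keystore itself.
        char[] pass = System.getProperty("javax.net.ssl.keyStorePassword", "").toCharArray();
        KeyStore ks = KeyStore.getInstance(
                System.getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType()));
        try (FileInputStream in = new FileInputStream(path)) { ks.load(in, pass); }

        // Audit step: more than one key entry means the certificate sent is not obvious.
        int keys = 0;
        for (String a : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(a)) { keys++; System.out.println("key entry: " + a); }
        }
        System.out.println(keys + " key entr" + (keys == 1 ? "y" : "ies") + " in " + path);
        if (args.length == 0) return;                      // audit only
        if (!ks.isKeyEntry(args[0])) throw new IllegalArgumentException("no key entry: " + args[0]);

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pass);
        X509KeyManager def = (X509KeyManager) kmf.getKeyManagers()[0];
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[] { pin(def, args[0]) }, null, null); // default trust store and RNG
        System.out.println("SSLContext pinned to alias " + args[0]);
    }
}
```

Run it with the same `-Djavax.net.ssl.keyStore` and `-Djavax.net.ssl.keyStorePassword` values the container JVM uses; with no argument it only reports the key entries.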