...

Info

X509Certificate Authenticator is supported by WSO2 Identity Server versions 5.1.0 , - 5.210.0, 5.3.0, 5.4.0, 5.4.1 and 5.5.0


...

  1. Download the WSO2 Identity Server.

  2. In the following configuration, replace the keystore file path, keystore password, truststore file path and truststore password with your own values (you can use the keystore and truststore that you created under the Working with Certificate section), and add the configuration to the <IS_HOME>/repository/conf/tomcat/catalina-server.xml file.

    <Connector
            protocol="HTTP/1.1"
            port="8443" maxThreads="200"
            scheme="https" secure="true" SSLEnabled="true"
            keystoreFile="/path/to/keystore.jks" keystorePass="keystorepwd"
            truststoreFile="/path/to/truststore.jks" truststorePass="truststorespassword"
            bindOnInit="false"
            clientAuth="want" sslProtocol="TLS"/>
    Note
    • To function properly, this connector should come first in the order of connectors. Otherwise, when mutual SSL takes place, the already existing connector (9443) will be picked up and the certificate will not be retrieved correctly.
    • The clientAuth attribute controls whether Tomcat requires the client to provide a certificate. It can be configured as follows:
      • true: a valid client certificate is required for a connection to succeed
      • want: use a certificate if available, but still connect if no certificate is available
      • false: no client certificate is required or validated
    • The truststoreFile attribute specifies the location of the truststore that contains the trusted certificate issuers.
  3. Download the authenticator .jar file and the artifacts from the WSO2 store.

  4. Place the authenticator .jar file in the <IS_HOME>/repository/components/dropins directory. 

    Note

    If you want to upgrade the X509 Certificate Authenticator in your existing IS pack, please refer to the upgrade instructions.

  5. Place the x509certificateauthenticationendpoint.war file in the <IS_HOME>/repository/deployment/server/webapps directory.
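A check for the connector added in step 2, as an added example that is not part of the WSO2 documentation or the product: it parses the text of catalina-server.xml and reports when the 8443 connector is not first, does not request a client certificate, or still carries the sample paths and passwords. The function name, the GOOD and BAD inputs and their paths and passwords are constructed for this example; treating a missing clientAuth as "false" assumes Tomcat's default.

```python
import xml.etree.ElementTree as ET

# Sample values from the connector in step 2; they must not survive into a deployment.
SAMPLE_VALUES = {
    "keystoreFile": "/path/to/keystore.jks", "keystorePass": "keystorepwd",
    "truststoreFile": "/path/to/truststore.jks", "truststorePass": "truststorespassword",
}

def check_connectors(xml_text, mtls_port="8443"):
    """Return findings for the mutual-SSL connector; an empty list means it passes."""
    connectors = list(ET.fromstring(xml_text).iter("Connector"))
    conn = next((c for c in connectors if c.get("port") == mtls_port), None)
    if conn is None:
        return [f"no Connector on port {mtls_port}"]
    findings = []
    if connectors[0] is not conn:  # the note in step 2: this connector comes first
        findings.append(f"port {mtls_port} connector is not first "
                        f"(port {connectors[0].get('port')} precedes it)")
    mode = (conn.get("clientAuth") or "false").lower()  # assumed default when absent
    if mode not in ("true", "want"):
        findings.append(f"clientAuth={mode!r} does not request a client certificate")
    for attr, sample in SAMPLE_VALUES.items():
        value = conn.get(attr)
        if not value:
            findings.append(f"{attr} is missing")
        elif value == sample:
            findings.append(f"{attr} still holds the sample value")
    return findings

# Constructed inputs (paths and passwords are made up for this example).
GOOD = """<Server><Service name="Catalina">
  <Connector protocol="HTTP/1.1" port="8443" scheme="https" secure="true"
             SSLEnabled="true" keystoreFile="/opt/is/certs/keystore.jks"
             keystorePass="example-ks-secret" truststoreFile="/opt/is/certs/truststore.jks"
             truststorePass="example-ts-secret" bindOnInit="false"
             clientAuth="want" sslProtocol="TLS"/>
  <Connector protocol="HTTP/1.1" port="9443" scheme="https" secure="true"/>
</Service></Server>"""
BAD = """<Server><Service name="Catalina">
  <Connector protocol="HTTP/1.1" port="9443" scheme="https" secure="true"/>
  <Connector protocol="HTTP/1.1" port="8443" scheme="https" secure="true"
             SSLEnabled="true" keystoreFile="/opt/is/certs/keystore.jks"
             keystorePass="keystorepwd" truststorePass="example-ts-secret"
             clientAuth="false" sslProtocol="TLS"/>
</Service></Server>"""

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_connectors(doc) or "ok")
```

To run it against a real installation, pass the contents of <IS_HOME>/repository/conf/tomcat/catalina-server.xml to check_connectors.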

...