How do you use TLS/SSL Http Authentication with a CXF client to a web service?

ScArcher2 picture ScArcher2 · Feb 12, 2009 · Viewed 23.9k times · Source

I'm trying to access a web service secured by a certificate. The security is setup on IIS and the web service is behind it.

I don't think WS-SECURITY will do this type of authentication. Is there any way to pass the client certificate when you call the web service?

I'm just getting an IIS Error Page that says "The page requires a client certificate".

I'm using CXF 2.1.4

Answer

Chris Dail picture Chris Dail · Feb 23, 2009

Yes, this is possible using CXF. You will need to set up the client conduit. You can specify the keystore that contains the certificates that will allow you to access the web service in IIS. As long as the certificate you are using here is a known allowed client in IIS, you should be ok.

<http:conduit name="{http://apache.org/hello_world}HelloWorld.http-conduit">

   <http:tlsClientParameters>
       <sec:keyManagers keyPassword="password">
            <sec:keyStore type="JKS" password="password"
                 file="src/test/java/org/apache/cxf/systest/http/resources/Morpit.jks"/>
       </sec:keyManagers>
       <sec:trustManagers>
           <sec:keyStore type="JKS" password="password"
                file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
       </sec:trustManagers>

       ...

   </http:tlsClientParameters>

Sample from: CXF Wiki