无法使用Deployment.toml配置X509证书身份验证器 [英] Cannot configure X509 Certificate Authenticator with deployment.toml

问题描述

我有WSO2 IS 5.10.0.它使用deployment.toml.配置x509身份验证时，我需要使用与x509相关的值来更新文件application-authentication.xml.但是，重新启动WSO2 IS时，此文件中的更新将被覆盖.我怀疑这与Deployment.toml有关.要使x509在此版本的WSO2 IS上运行，我需要做些什么?

I have WSO2 IS 5.10.0. It uses deployment.toml. When configuring x509 authentication I need to update the file application-authentication.xml with my x509 related values. However, my updates in this file get overwritten when restarting WSO2 IS. I suspect it has to do with deployment.toml. What do I need to do to get x509 working on this version of WSO2 IS?

推荐答案

除非已在deployment.toml文件中定义值，否则xml文件将被默认配置覆盖.因此，您可以将以下配置(带有您的值)添加到Deployment.toml中，然后重新启动服务器以应用它们.

The xml file gets overridden by the default configurations unless you have defined the values in the deployment.toml file. Hence, you can add following configurations (with your values) into the deployment.toml and restart the server to get them applied.

[authentication.authenticator.x509_certificate.parameters]
AuthenticationEndpoint ="https://localhost:8443/x509-certificate-servlet"
username = "CN"
setClaimURI = "http://wso2.org/claims/identity/userCertificate"
EnforceSelfRegistration = true

参考: https://github.com/wso2/docs-is/issues/986

添加Tomcat连接器配置

Add Tomcat connector configs

用 deployment.toml 添加一个额外的tomcat连接器似乎还不方便.因此，我们可以按照以下步骤操作.

Adding an extra tomcat connector with deployment.toml seems to be not facilitated yet. Hence, we can follow the steps below.

在正确的位置将以下新连接器添加到模板文件 repository/resources/conf/templates/repository/conf/tomcat/catalina-server.xml.j2 中.

Add following new connector to the template file repository/resources/conf/templates/repository/conf/tomcat/catalina-server.xml.j2 in the correct place.

{% for trasport in custom_trasport %}
  <Connector
  {% for name,value in trasport.properties.items() %}
            {{name}}="{{value}}"
  {% endfor %}
  >
  </Connector>
{% endfor %}

然后将所有连接器属性添加到 depoyment.toml 中，如下所示.

Then add all the connector properties to the depoyment.toml as follows.

[custom_trasport.x509.properties]
protocol="HTTP/1.1"
port="8443"
maxThreads="200"
scheme="https"
secure="true"
SSLEnabled="true"
keystoreFile="/path/to/keystore.jks"
keystorePass="keystorepwd"
truststoreFile="/path/to/truststore.jks"
truststorePass="truststorespassword"
bindOnInit = "false"
clientAuth="want"
sslProtocol="TLS"

这篇关于无法使用Deployment.toml配置X509证书身份验证器的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！