具有相互身份验证的 WSO2 ESB 代理后端 [英] WSO2 ESB proxy backend with mutual authentication

问题描述

是否可以将相互身份验证(客户端 SSL 证书)与 WSO2 ESB 一起使用?(我不是在谈论 WS-Security.)

Is it possible to use mutual authentication (client SSL certificates) with WSO2 ESB? (I'm not talking about WS-Security.)

我发现可以将自定义密钥库添加到 ESB，但我找不到有关如何指定在连接到特定后端时要使用的客户端密钥的任何信息.

I see that it is possible to add custom keystores to the ESB but I could not find any information on how to specify what client key to use when connecting to a specific backend.

推荐答案

是的.您可以为 ESB 代理服务启用相互身份验证.这里要做一些小配置，为所有代理服务启用相互认证.您可以编辑axis2.xml 文件并将以下属性更改为需要"

Yes. You can enable mutual authentication for ESB proxy service. Here you want to do small configuration to enable mutual authentication for all proxy service . You can edit axis2.xml file and change following property to "require"

<parameter name="SSLVerifyClient">require</parameter>

您可以找到更多详细信息这里.但是，如果您为给定的代理服务集启用相互身份验证，则还有更多工作要做.. 更多详细信息，您可以找到 此处.ESB 中的旧版本存在问题.因此您需要安装一些补丁.但是有 4.7.0 和 4.8.0(下一个版本).已经修复.

More details you can find here. However, if you are enabling mutual authentication for given set of proxy services, There is some more to do.. More details you can find here. There was an issue with older release in ESB. therefore you need some patches to install. but with 4.7.0 and 4.8.0 (next release). there have been fixed.

这篇关于具有相互身份验证的 WSO2 ESB 代理后端的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！