Closed Alexaas closed 3 years ago
Hi @Alexaas,
just for clarification for the feature request, the forwarded certificate is never used for token exchange as you do not have the key. Instead you would perform basic authentication (PasswordTokenFlow) using the certificate from service binding. Is that what you meant?
Kind Regards, Liga
Hi @liga-oz, I think finally we want to implement/support the scenario described here: https://jam4.sapjam.com/questions/KWx5pupgcsd92FyCfrmB21 (x.509 section). Regards, Alex
Hi @Alexaas
Yes, with @liga-oz's change, Spring Boot applications support basic authentication not only for client id/secret password grant but also for client id/certificate. The sample might be adjusted as well: https://github.com/SAP/cloud-security-xsuaa-integration/tree/master/samples/spring-security-basic-auth
For the latter part we need to double-check whether this is still valid and whether it gets supported with the client libraries.
Hi @Alexaas, @liga-oz has adapted the https://github.com/SAP/cloud-security-xsuaa-integration/tree/master/samples/spring-security-basic-auth sample as well. It will be supported with version 2.10.2. Kind regards, Nena
Hi, in a forwarding certificates scenario the CF HA Proxy forwards the client certificate (mTLS) as a header attribute. To use that as authentication in microservices, a JWT token has to be fetched from xsuaa based on the certificate. This should be supported by the lib, e.g. by extending the TokenBrokerResolver class.
Please check. Thanks and Regards, Alex