zowe / zss

Zowe System Services Server for enabling low-level microservices
Eclipse Public License 2.0

Client certificate documentation #644

Open achmelo opened 1 year ago

achmelo commented 1 year ago

Is your feature or enhancement request related to a problem or limitation? Please describe

As a client of ZSS, I would like to authenticate using the client certificate. What are the requirements for such certificates?

Describe your enhancement idea

I would like to have the documentation that states what steps need to be taken before ZSS accepts my certificate. What does it mean in terms of authorization? Do I need to have permission in SAF to use certain callable services (as it is for JWT in some ESMs) or are these calls done by the server user?

jordanfilteau1995 commented 1 year ago

I've been using it with RACF during my testing. If you add the client certificate as personal to a userid, then the r_usermap service will correctly identify the userid associated with the client certificate validated in the TLS handshake. I haven't done any testing on TSS or ACF2 yet, but I imagine the steps are similar. I will circle back to this.

JoeNemo commented 1 year ago

Is this clear enough now for @achmelo to proceed? Do we need to meet?

jordanfilteau1995 commented 1 year ago

There should probably be better documentation, but I don't have time right now.