How can I configure JBoss EAP 6 so that EJB connections use 2-way SSL and username/password authentication?
Environment
- Red Hat JBoss Enterprise Application Platform (EAP)
  - 6.x
Issue
How can I configure JBoss EAP 6 so that EJB connections use 2-way SSL (mutual authentication) and username/password authentication?
Resolution
The server side - standalone.xml:
<subsystem xmlns="urn:jboss:domain:remoting:1.1">
    <connector name="remoting-connector" socket-binding="remoting" security-realm="ApplicationRealm">
        <properties>
            <property name="SSL_ENABLED" value="true"/>
            <property name="SSL_STARTTLS" value="false"/>
            <property name="SSL_CLIENT_AUTH_MODE" value="REQUIRED"/>
        </properties>
    </connector>
</subsystem>
The client side - explicitly disable the "EXTERNAL" SASL mechanism:
remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS=EXTERNAL
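Also, the client needs to be configured in a similar way:
Properties p = new Properties(); // java.util.Properties
// Values are strings: Properties.getProperty() returns null for non-String values.
p.put("remote.connectionprovider."
    + "create.options.org.xnio.Options.SSL_ENABLED", "true");
// SSL_STARTTLS is false, matching the server connector.
p.put("remote.connection.default.connect."
    + "options.org.xnio.Options.SSL_STARTTLS", "false");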
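A configuration check for the settings above, added here as an example (it is not Red Hat's code): it reads a standalone.xml fragment and a client properties file and reports every setting that differs from what this solution prescribes. The function names and the sample input are assumptions made for the example; the property names and values are the ones on this page.

```python
import xml.etree.ElementTree as ET

REMOTING_NS = "{urn:jboss:domain:remoting:"
OPT = "options.org.xnio.Options."
# Connector properties exactly as this page sets them.
SERVER_WANT = {"SSL_ENABLED": "true", "SSL_STARTTLS": "false",
               "SSL_CLIENT_AUTH_MODE": "REQUIRED"}

def audit_server(xml_text, connector="remoting-connector"):
    """Findings for the remoting connector in a standalone.xml fragment."""
    root = ET.fromstring(xml_text)
    conn = next((e for e in root.iter() if e.tag.startswith(REMOTING_NS)
                 and e.tag.endswith("}connector") and e.get("name") == connector), None)
    if conn is None:
        return [f"remoting connector {connector!r} not found"]
    findings = []
    if not conn.get("security-realm"):
        findings.append("connector has no security-realm attribute")
    props = {p.get("name"): p.get("value") or "" for p in conn.iter()
             if p.tag.endswith("}property")}
    for name, want in SERVER_WANT.items():
        if props.get(name, "").lower() != want.lower():
            findings.append(f"{name} is {props.get(name)!r}, expected {want!r}")
    return findings

def audit_client(props_text, conn="default"):
    """Findings for jboss-ejb-client style properties (simple key=value lines)."""
    props = {}
    for line in props_text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    base = f"remote.connection.{conn}.connect.{OPT}"
    want = {f"remote.connectionprovider.create.{OPT}SSL_ENABLED": "true",
            base + "SSL_STARTTLS": "false"}
    findings = [f"{k} should be {v}" for k, v in want.items()
                if props.get(k, "").lower() != v]
    disallowed = props.get(base + "SASL_DISALLOWED_MECHANISMS", "")
    if "EXTERNAL" not in disallowed.replace(",", " ").split():
        findings.append("SASL_DISALLOWED_MECHANISMS does not list EXTERNAL")
    return findings

# Constructed sample: SSL is enabled, but no realm and no client-certificate requirement.
SAMPLE_XML = ('<subsystem xmlns="urn:jboss:domain:remoting:1.1"><connector '
              'name="remoting-connector" socket-binding="remoting"><properties>'
              '<property name="SSL_ENABLED" value="true"/></properties></connector></subsystem>')
if __name__ == "__main__":
    print(audit_server(SAMPLE_XML))
```

An empty list from both functions means the server connector and the client properties match this solution.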
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.