...
Property | Sample Value | Description |
---|---|---|
ldapServerConfig arguments | | URL, baseDN and credentials of LDAP Server |
certObjectClass | inetOrgPerson | LDAP object class used to store certificates |
attrUID | uid | Attribute containing X509 subject DN |
attrIssuerID | manager | LDAP attribute containing X509 issuer DN |
attrSerialNumber | employeeNumber | LDAP attribute containing X509 serial number |
attrCrtBinary | userCertificate | LDAP attribute containing X509 certificate content |
constAttrNamesCSV | sn | Comma-separated list of mandatory LDAP attribute names |
constAttrValuesCSV | X509 certificate | Comma-separated list of mandatory LDAP attribute values |
serviceCertRDNTemplate | cn=%s,ou=services | Relative distinguished name for service certificates |
serviceCertUIDTemplate | cn=%s | Template to transform service QName to DN for storing into attrUID |
trustedAuthorityFilter | (&(objectClass=inetOrgPerson)(ou:dn:=CAs)) | Filter to determine trusted CAs for trusted chain validation |
intermediateFilter | (objectClass=inetOrgPerson) | Filter to determine intermediate certificates for trusted chain validation |
Supported certificate types.
XKMS distinguishes the following types of X509 certificates:
Type | Description |
---|---|
User | Normal user X509 certificate |
Service | Certificate that identifies a service. Lookup and registration require the application "urn:apache:cxf:service:soap". Identified as {SERVICE_NAMESPACE}SERVICE_NAME |
Trusted CA | CAs used as trust anchors for certificate validation. Trusted CAs can be retrieved using the trustedAuthorityFilter property |
Integration of the XKMS client into the CXF runtime.
...