Authenticate users based on client certificate in published web service
Hello, I need to authenticate users (source systems) that are consuming a published web service in my Mendix app by validating their client certificate (not which CA signed the certificate, but the actual certificate itself). I have tried to extract the client certificate using the IMxRuntimeRequest object (via IMxRuntimeRequest.getHttpServletRequest()); however, this doesn't help, as the required attribute "javax.servlet.request.X509Certificate" is not present. In fact, there are no attributes present in the HttpServletRequest object at all. My app is hosted in the Mendix Cloud. Does anyone have any suggestion on how to solve this problem? I cannot use WS-Security or pass the client certificate in the SOAP request. I must use the client certificate that was used to set up the SSL connection with the Mendix server. Thanks! Andrew
Andrew Whalen DISW
Hi Andrew, currently I don't have access to a laptop, so I will keep it short and review the status of your question tomorrow.
In the Mx Cloud you can configure access restriction profiles based on a CA. If you link that to the endpoint of the API, the Mx infrastructure will require a client certificate to be provided that is signed by that CA. When you do so, an additional HTTP header will be provided indicating the certificate that was used (Common Name), on which you can develop custom authentication in your API.
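As an added illustration of the approach this answer describes (example code, not from the original post or from Mendix): a plain Java helper that reads the certificate header injected by the platform and allows the call only if the Common Name is on an allow-list. The header name `X-Client-Cert-CN` and the DN format are assumptions; use whatever your access restriction profile actually sets, and only trust the header on an endpoint where that profile is enforced, so the edge (not the caller) is the one setting it.

```java
import java.util.Set;
import java.util.function.Function;

/** Authenticates a web service caller from the certificate header set by the edge proxy. */
public final class ClientCertAuthenticator {
    // ASSUMPTION: header name; check what the access restriction profile really injects.
    static final String CERT_HEADER = "X-Client-Cert-CN";

    private final Set<String> allowedCommonNames;

    public ClientCertAuthenticator(Set<String> allowedCommonNames) {
        this.allowedCommonNames = allowedCommonNames;
    }

    /**
     * Returns the caller's CN if it is allowed, or null if the request must be rejected.
     * headerLookup is whatever reads a header from your runtime request object,
     * e.g. a method reference to its getHeader(String) method.
     */
    public String authenticate(Function<String, String> headerLookup) {
        String raw = headerLookup.apply(CERT_HEADER);
        if (raw == null || raw.isBlank()) {
            // No header: either the profile is not linked to this endpoint or mTLS was not enforced.
            return null;
        }
        String cn = extractCommonName(raw.trim());
        if (cn == null || !allowedCommonNames.contains(cn)) {
            return null; // unknown source system: deny
        }
        return cn;
    }

    /** Accepts a bare CN ("orders-erp") or a full DN ("CN=orders-erp,O=Example Corp"). */
    static String extractCommonName(String value) {
        if (!value.contains("=")) {
            return value;
        }
        // Split on commas that are not escaped with a backslash (RFC 4514 style escaping).
        for (String rdn : value.split("(?<!\\\\),")) {
            String[] kv = rdn.trim().split("=", 2);
            if (kv.length == 2 && kv[0].trim().equalsIgnoreCase("CN")) {
                return kv[1].trim().replace("\\,", ",");
            }
        }
        return null;
    }
}
```

In a Java action behind the published web service, construct the authenticator with the CNs of your approved source systems and throw or return a SOAP fault when `authenticate` returns null.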