Hi All,
I have couple of queries on protecting web services authentication https://<hostname>:<port>/authazws/auth?wsdl using certificate based authentication scheme.
I have had few ideas from the old post but still have some queries and started this new thread.
Protecting SPS WebServices Ujwol
I am in a understanding that the SSL needs to be enabled in SPS Apache level to achieve the cert based auth.
I would like to get your thoughts to correct to understand better.
Below is how my setup is:
- Couple of servers serving federation traffic
- Enabled WebServiceAuth in the same same instance i.e. enabled the WebService in Server.conf and kept a viruathost config for webservice auth.
- Different agent for FED traffic and Web Service Auth traffic
- SSL is decrypted in Load balancer itself and end to end ssl is not enabled (Load balancer has the cert uploaded and decrypt the ssl)
In this scenario, how do we configure cert based auth to protect WebService based authentication traffic?
May be a basic question but I need your help to understand better.
Do you have any article which explain the basic about the certificate based auth scheme setup? I never tried it before so looking to get some hands on.... Any help?