Author Archives: stexx
Due to an active development process of features, natural chaos regarding organizational issues (e.g. Kenai was closed for public access) and a lot of urgent deadlines for proposals and papers, it has been a long time since we published a … Continue reading
I was currently trying to integrate foaf-ssl single-sign-on, which is a decentralized service to authenticate users with client certificates in Social Semantic Web applications, in KiWi. The idea behind foaf-ssl is that a user has its certificates inside of his browser and is asked to choose one certificate to authenticate with the application. The certificate contains a link to the WebID, which can be used to locate the users` foaf-file, where personal information like first and last name, birthday and eMail address can be found. In my opinion, this is a great opportunity to build applications that are able to import data about identities without annoying them with recurring registration processes and weak password protections.
To use foaf-ssl within your application you may like to build your own identity provider (idp) servlet, which checks the client certificates, extracts the web id from the certificate and redirects to a URL, which has been passed as a GET parameter to the servlet. The first step towards enabling such a service is the configuration of your application server. Henry Story provided a detailed description on how to configure Tomcat 6 to allow client certificate authentication. As JBoss AS 4.2.3 uses Tomcat 6 aswell internally, the configuration of JBoss AS does only slightly differ from the Tomcat 6 configuration. Continue reading