
wso2esb - Dynamic proxy security configuration – one proxy to secure them all


I’m using wso2esb-4.9.0, then wso2-5.0.0, and now working on wso2ei-6.0.0

I would like to create a secured proxy service that could be used by different clients. The required security is scenario 5 (sign and encrypt – X.509 authentication): messages are encrypted using the service (server) public certificate and signed using the client private key. Since multiple clients will use the service, each client should sign the message using its own private key. At the server side, the public certificate for each client should already be in the trust store of the server.

At the server side, I can do a hardcoded configuration for Rampart in order to respond correctly to incoming requests from client1 OR from client2. This means that, for now, the only solution I have found in order to support 2 clients for the same backend service is through the use of two proxy services, each configured to verify the signature of exactly one client.

I would like to get advice or pointers on how to configure the server side in a dynamic way, where only one proxy service is used. This proxy service should be able to configure Rampart correctly at run time, in order to decrypt and verify the signature of the incoming message (one proxy for N clients).

Thanks,


Solution

  • So, in fact nothing extra needs to be done at the configuration level of Rampart, since the hardcoded configuration is related to the server side when it would like to consume something from another party.

    Since the incoming request contains information related to the certificate data, the server will dynamically check its keystore in order to verify the incoming signed message... so once again, just configure Rampart at the service side and at the client side and let the magic happen.

    Thanks to the WSO2 team for a great product suite!
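Added illustration of the server-side configuration the answer describes (this is not from the post or from WSO2): the Rampart configuration assertion that sits inside the proxy's sign-and-encrypt policy, with one trust store holding every client certificate and the response encrypted for whichever certificate signed the request. Property names follow WSS4J's Merlin crypto provider; the alias, callback class, keystore path and password are placeholders.

```xml
<rampart:RampartConfig xmlns:rampart="http://ws.apache.org/rampart/policy">

  <!-- Alias of the server's own key pair (placeholder): used to decrypt
       incoming requests and to sign outgoing responses. -->
  <rampart:user>server-key</rampart:user>

  <!-- Encrypt the response for the certificate that signed the request, so no
       per-client alias (and no per-client proxy) is needed. -->
  <rampart:encryptionUser>useReqSigCert</rampart:encryptionUser>

  <!-- Placeholder class that hands Rampart the private-key password of "server-key". -->
  <rampart:passwordCallbackClass>com.example.ServerPasswordCallback</rampart:passwordCallbackClass>

  <!-- Signature verification: this store holds the server key pair plus one
       trusted certificate entry per client (client1, client2, ... clientN).
       A request signed with a certificate that is not in the store fails verification. -->
  <rampart:signatureCrypto>
    <rampart:crypto provider="org.apache.ws.security.components.crypto.Merlin">
      <rampart:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</rampart:property>
      <rampart:property name="org.apache.ws.security.crypto.merlin.file">conf/server.jks</rampart:property>
      <rampart:property name="org.apache.ws.security.crypto.merlin.keystore.password">CHANGE_ME</rampart:property>
    </rampart:crypto>
  </rampart:signatureCrypto>

  <!-- Decryption of incoming requests with the server private key: same store. -->
  <rampart:decryptionCrypto>
    <rampart:crypto provider="org.apache.ws.security.components.crypto.Merlin">
      <rampart:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</rampart:property>
      <rampart:property name="org.apache.ws.security.crypto.merlin.file">conf/server.jks</rampart:property>
      <rampart:property name="org.apache.ws.security.crypto.merlin.keystore.password">CHANGE_ME</rampart:property>
    </rampart:crypto>
  </rampart:decryptionCrypto>

  <!-- Encryption of the response to the request signer's certificate: same store. -->
  <rampart:encryptionCrypto>
    <rampart:crypto provider="org.apache.ws.security.components.crypto.Merlin">
      <rampart:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</rampart:property>
      <rampart:property name="org.apache.ws.security.crypto.merlin.file">conf/server.jks</rampart:property>
      <rampart:property name="org.apache.ws.security.crypto.merlin.keystore.password">CHANGE_ME</rampart:property>
    </rampart:crypto>
  </rampart:encryptionCrypto>

</rampart:RampartConfig>
```

Adding a new client is then a trust-store change (import its certificate under a new alias) rather than a new proxy service.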