Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check 'client auth' key usage on mtls identity #407

Merged
merged 1 commit into from
Feb 21, 2024
Merged

Check 'client auth' key usage on mtls identity #407

merged 1 commit into from
Feb 21, 2024

Conversation

guicassolato
Copy link
Collaborator

@guicassolato guicassolato commented Jun 12, 2023
edited
Loading

Make the mTLS identity verification method to check for 'Client authentication' extended key usage, instead of default 'Server authentication' (ref).

@guicassolato guicassolato self-assigned this Jun 12, 2023
@guicassolato guicassolato changed the base branch from main to generate-test-certs June 12, 2023 19:36
@guicassolato guicassolato force-pushed the mtls-require-ext-client-auth branch from 8f61f74 to f896219 Compare June 13, 2023 09:24
Base automatically changed from generate-test-certs to main June 16, 2023 09:37
@guicassolato guicassolato marked this pull request as ready for review December 18, 2023 13:15
@guicassolato guicassolato force-pushed the mtls-require-ext-client-auth branch 2 times, most recently from ca9d923 to 96dcd46 Compare December 18, 2023 13:29
@guicassolato guicassolato requested a review from a team December 19, 2023 14:35
@guicassolato guicassolato added this to the v0.17.x milestone Jan 8, 2024
KevFan
KevFan reviewed Feb 2, 2024
View reviewed changes
Copy link
Contributor

@KevFan KevFan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code looks good, but following the mtls-authentication guide gives me an error with certificate specifies an incompatible key usage 🤔

docs/user-guides/mtls-authentication.md Show resolved Hide resolved
@guicassolato
Check 'client auth' key usage on mtls identity
a0b013d 
Make the mTLS identity verification method to check for 'client auth' extended key usage, instead of default 'server auth'.
@guicassolato guicassolato force-pushed the mtls-require-ext-client-auth branch from 96dcd46 to a0b013d Compare February 20, 2024 14:25
@guicassolato guicassolato requested a review from a team February 20, 2024 14:37
@guicassolato
Copy link
Collaborator Author

Code looks good, but following the mtls-authentication guide gives me an error with certificate specifies an incompatible key usage 🤔

@KevFan, with which version of Authorino did you run the guide? The guide was written (including with the changes in this PR) assuming that it will work after we merge the PR. This is because in the PR we're also changing the code that make the guide work of course.

To try the guide before merging the PR, you should start with make local-setup FF=1, and then go straight to step ❹ of the guide.

Please let me know if this works for you.

KevFan
KevFan approved these changes Feb 21, 2024
View reviewed changes
Copy link
Contributor

@KevFan KevFan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@guicassolato Oh, that was it 👍 Ran through the guide again and works as expected ! 🎖️

Looks good to me 👍

@guicassolato guicassolato merged commit aa46e55 into main Feb 21, 2024
9 checks passed
@guicassolato guicassolato deleted the mtls-require-ext-client-auth branch February 21, 2024 11:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@KevFan KevFan KevFan approved these changes

Assignees

@guicassolato guicassolato

Labels
area/implementation kind/enhancement New feature or request size/small
Projects
Kuadrant
Status: Done
Milestone
v0.17.x
Development

Successfully merging this pull request may close these issues.
2 participants
@guicassolato @KevFan