How do you use TLS/SSL Http Authentication with a CXF client to a web service?

Question

I'm trying to access a web service secured by a certificate. The security is setup on IIS and the web service is behind it.

I don't think WS-SECURITY will do this type of authentication. Is there any way to pass the client certificate when you call the web service?

I'm just getting an IIS Error Page that says "The page requires a client certificate".

I'm using CXF 2.1.4

Answer 1

Yes, this is possible using CXF. You will need to set up the client conduit. You can specify the keystore that contains the certificates that will allow you to access the web service in IIS. As long as the certificate you are using here is a known allowed client in IIS, you should be ok.

<http:conduit name="{http://apache.org/hello_world}HelloWorld.http-conduit">

   <http:tlsClientParameters>
       <sec:keyManagers keyPassword="password">
            <sec:keyStore type="JKS" password="password"
                 file="src/test/java/org/apache/cxf/systest/http/resources/Morpit.jks"/>
       </sec:keyManagers>
       <sec:trustManagers>
           <sec:keyStore type="JKS" password="password"
                file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
       </sec:trustManagers>

       ...

   </http:tlsClientParameters>

Sample from: CXF Wiki