Uploaded image for project: 'Java Driver'
  1. Java Driver
  2. JAVA-871

Support the MONGODB-X509 authentication mechanism

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.12.0, 3.0.0
    • Component/s: Authentication
    • Labels:
      None

      Description

      This ticket is to support authentication using the distinguished subject name of the X.509 Certificate presented during SSL negotiation as the username.

      Essentially, this is yet another protocol in addition to MONGODB-CR and SASL that will need to be implemented.

      The command document for this mechanism is:

      {authenticate: 1, mechanism: 'MONGODB-X509', user: <username>}

      ...where <username> is the distinguished subject name of the X.509 client certificate in RFC 2253 format. It can be determined using openssl:

      openssl x509 -in </path/to/client.pem> -inform PEM -subject -nameopt RFC2253

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                jeff.yemin Jeff Yemin
                Reporter:
                jeff.yemin Jeff Yemin
                Participants:
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: