WSO2 IS/APIM : support Mutual TLS Profile for OAuth 2.0 ?

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

WSO2 IS/APIM : support Mutual TLS Profile for OAuth 2.0 ?

Youcef HILEM
Hi all,

Is Mutual TLS Profile for OAuth 2.0 supported [1] ?

Open banking applications in Europe, where X.509 certificate based
authentication is required by law, will find this new method indispensable.

[1] https://tools.ietf.org/html/draft-ietf-oauth-mtls-05


Thanks
Youcef HILEM



--
Sent from: http://wso2-oxygen-tank.10903.n7.nabble.com/WSO2-Architecture-f62919.html
_______________________________________________
Architecture mailing list
[hidden email]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Reply | Threaded
Open this post in threaded view
|

Re: WSO2 IS/APIM : support Mutual TLS Profile for OAuth 2.0 ?

Youcef HILEM
Reply | Threaded
Open this post in threaded view
|

Re: WSO2 IS/APIM : support Mutual TLS Profile for OAuth 2.0 ?

Sathya Bandara
Hi Youcef,

Currently this feature supports client authentication using self-signed certificates. You can refer the official documentation at [1].

[1] https://docs.wso2.com/pages/viewpage.action?spaceKey=IS550&title=Mutual+TLS+for+OAuth+Clients

Thanks,
Sathya




--
Sathya Bandara
Software Engineer
WSO2 Inc. http://wso2.com
Mobile: <a href="tel:+94%2071%20411%205032" value="+94714115032" target="_blank">(+94) 715 360 421

<a href="tel:+94%2071%20411%205032" value="+94714115032" target="_blank">

_______________________________________________
Architecture mailing list
[hidden email]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Reply | Threaded
Open this post in threaded view
|

Re: WSO2 IS/APIM : support Mutual TLS Profile for OAuth 2.0 ?

Youcef HILEM
Hi Sathya,

We need to implement the regulatory requirements
(http://www.etsi.org/deliver/etsi_ts/102600_102699/10264003/02.01.01_60/ts_10264003v020101p.pdf),
in particular:
6.3 : REM Sender/REM Recipient Authentication
b) Enhanced: using enhanced authentication such as two factor authentication
mechanisms linked to a one time password;
c) Strong: mutual SSL authentication, which includes client’s side user
certificate;


Can't access to
https://docs.wso2.com/display/IS550/Mutual+TLS+for+OAuth+Clients

Thanks
Youcef HILEM



--
Sent from: http://wso2-oxygen-tank.10903.n7.nabble.com/WSO2-Architecture-f62919.html
_______________________________________________
Architecture mailing list
[hidden email]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture