question about orbeon form submissions

I've a question about orbeon form submissions and SSL Client authentication.
I've read the documentation about this topic, and I understand that the
submissions to the endpoint are made server-side. What about SSL Client
authentication? I think the orbeon-server cannot inherit the browser session
during the submission to the endpoint, thus I guess that an SSL Client
authentication with the end point is not possible if the submission is made
server-side. Is it so? Is it possible to make a SSL Client handshake using
orbeon? Thank you


--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
OW2 mailing lists service home page: http://www.ow2.org/wws

agnesedalmonte wrote

I've a question about orbeon form submissions and SSL Client authentication.
I've read the documentation about this topic, and I understand that the
submissions to the endpoint are made server-side. What about SSL Client
authentication? I think the orbeon-server cannot inherit the browser session
during the submission to the endpoint, thus I guess that an SSL Client
authentication with the end point is not possible if the submission is made
server-side. Is it so? Is it possible to make a SSL Client handshake using
orbeon? Thank you

That's right: when a submission is made, it is done from the server. So if the service you call requires SSL client authentication, you won't be able to use the certificate users have in their browser. But in theory you could have a certificate on the server running Orbeon Forms, and have the <xforms:submission> use that certificate.

Now in practice however, we use the Apache HTTPClient which doesn't support this out of the box. I have used the AuthSSLProtocolSocketFactory in the past for this, which comes in the Not-Yet-Commons-SSL addition to HTTPClient (http://juliusdavies.ca/commons-ssl/).

I hope this helps,

Alex