Adding Support for Certificate Based Authentication (WSMan)

Description

Current Situation:

  • Configuration Details:

    • WSMan service is configured on IP address 77.95.244.73.

    • Polling command used: poll -c org.opennms.netmgt.poller.monitors.WsManMonitor 77.95.244.73 resource-uri="http://schemas.microsoft.com/wbem/wsman/1/wmi/root/cimv2/Win32_Service" selector.Name="SNMP" rule="#State matches 'Running' and #Status matches 'OK'"

    • Issue encountered: Service is reported as down with the error javax.xml.ws.soap.SOAPFaultException: No CallbackHandler available to garner authentication information from the user.

Enhancement Request: The customer requires the ability to use certificate-based authentication with WSMan in OpenNMS. The current setup involves using certificates signed by the same CA and requires HTTPS/SSL, as insecure protocols are not an option. There is a need to support certificate-based authentication without relying on username and password credentials.

Additional Information:

  • The customer has successfully used Kerberos authentication with the appropriate enctype (aes256-cts-hmac-sha1-96), but now seeks a solution for certificate-based authentication.

  • The customer is willing to provide configuration files if needed for further analysis.

Request: Please investigate and develop an enhancement to support certificate-based authentication with WSMan in OpenNMS, addressing the need for HTTPS/SSL and avoiding insecure protocols.

Environment

OpenNMS Version: Meridian 2023.1.1 Java Version: java-11-openjdk-11.0.18 OS for OpenNMS Server: Rocky Linux OS for Windows Server (WSMan): Unknown Kerberos Authentication: Used for testing, with keytab file requiring enctype aes256-cts-hmac-sha1-96

Acceptance / Success Criteria

None

Activity

Show:

Marshall Massengill 2 days ago

This would require updates to this library (or an alternative):

Details

Assignee

Reporter

Components

Fix versions

Affects versions

Priority

PagerDuty

Created August 12, 2024 at 3:51 PM
Updated 2 days ago