Is integration of mTLS possible in Liferay?
written-by
Adorjan Meszaros
knowledge-article-header-disclaimer-how-to
knowledge-article-header-disclaimer
legacy-article
learn-legacy-article-disclaimer-text
Issue
- We are required to use mTLS (Mutual Transport Layer Security) for certain requests
- Is it possible to integrate mTLS with Liferay?
Environment
- DXP 7.4
- Quarterly Releases
Resolution
- Yes, it is possible to make the integration with mTLS
- Server side setup:
- Ensure the Identity Manager's endpoint is configured to enforce mTLS.
- This typically requires setting up the provider to validate client certificates during the handshake.
- Configuration steps depend on the Identity Manager's specific deployment, but will likely involve specifying a truststore with allowed certificates.
- Liferay Client side setup:
- Configure Liferay DXP to use the appropriate connector. E.g. the SCIM connector supports secure communication using mTLS by defining certificates in the keystore/truststore and referencing these in the HTTP client used by the SCIM connector.
- Additional configuration in the connector JSON (such as enabling mTLS and specifying keystore paths) may be required.
did-this-article-resolve-your-issue