Authentication with Digital Certificates/SSL
There are two aspects of authentication for Presto that you can configure for digital certificates: 1) whether Presto accepts certificates for user authentication and 2) what information Presto uses from the certificates to perform authentication.
Certificate authentication in Presto uses Personal Digital Certificates (PDC) from a client. The default authentication process when Presto receives a certificate looks for a user ID in the CN portion of the certificate's subjectDN. This user ID is authenticated against the User Repository.
If the user ID is valid, authentication is complete and Presto continues with authorization for the request. If the user ID is not valid, the request is rejected.
To enable authentication based on digital certificates
2. Using any text or XML editor, edit the applicationContext-security.xml file in the web-apps-home/presto/WEB-INF/classes directory and:
a. Remove the comment markers from the <import> statement for the applicationContext-security-authn-x509.xml file.
The configuration would look something like this:
<beans>
  <import resource="applicationContext-security-authn-rememberme.xml" />
  <import resource="applicationContext-security-scheduler.xml" />
  <import resource="applicationContext-security-authn-x509.xml" />
  <!--<import resource="applicationContext-security-authn-rsa.xml" /> -->
  ...
</beans>
b. Save your changes to this file.
3. If needed, change the default certificate authentication behavior with one or more of these options:
5. If needed, enable certificate caching for the Presto Server.
By default, the Presto Server does not cache user certificates. This ensures that any changes to user identification or authorization are detected as soon as possible, but it can impact performance. To turn caching on:
a. Using any text or XML editor, edit the applicationContext-security-authn-x509.xml file in the web-apps-home/presto/WEB-INF/classes directory.
b. Find the x509AutheticationProvider bean.
c. Add <property name="certificateCachingEnabled" value="true" /> to the list of properties for this bean.
d. Save your changes to this file.
6. To apply these changes, restart the Presto Server.
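To confirm the edits from steps 2 and 5 before restarting, the following check reports whether the x509 import is live (not still inside comment markers) and whether certificate caching is switched on. It is an added example, not part of the Presto documentation or product code. It assumes the bean name in step 5b is the bean's id attribute and that both files are standard Spring <beans> documents; the sample XML and the class name in it are constructed.

```python
import xml.etree.ElementTree as ET

X509_IMPORT = "applicationContext-security-authn-x509.xml"
PROVIDER_BEAN = "x509AutheticationProvider"  # spelled as in step 5b; assumed to be the bean id

def local(tag):
    """Drop the XML namespace; Spring files usually declare one on <beans>."""
    return tag.rsplit("}", 1)[-1]

def import_active(security_xml, resource=X509_IMPORT):
    """True if <import resource=...> is live. Commented-out imports are
    discarded by the parser, so they never show up as elements."""
    root = ET.fromstring(security_xml)
    return any(local(el.tag) == "import" and el.get("resource") == resource
               for el in root.iter())

def caching_enabled(x509_xml, bean_id=PROVIDER_BEAN):
    """True only if the provider bean sets certificateCachingEnabled to true."""
    for bean in ET.fromstring(x509_xml).iter():
        if local(bean.tag) != "bean" or bean.get("id") != bean_id:
            continue
        for prop in bean:
            if local(prop.tag) == "property" and prop.get("name") == "certificateCachingEnabled":
                value = prop.get("value")
                if value is None:  # Spring also accepts a nested <value> element
                    value = "".join(prop.itertext())
                return value.strip().lower() == "true"
    return False  # property absent: the documented default is no caching

# Constructed sample files (not copied from a real installation).
SAMPLE_SECURITY = """<beans xmlns="http://www.springframework.org/schema/beans">
  <import resource="applicationContext-security-authn-rememberme.xml" />
  <import resource="applicationContext-security-authn-x509.xml" />
  <!--<import resource="applicationContext-security-authn-rsa.xml" /> -->
</beans>"""
SAMPLE_X509 = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="x509AutheticationProvider" class="example.PlaceholderProvider">
    <property name="certificateCachingEnabled" value="true" />
  </bean>
</beans>"""

if __name__ == "__main__":
    print("x509 import active:", import_active(SAMPLE_SECURITY))
    print("certificate caching:", caching_enabled(SAMPLE_X509))
```

To run it against a real installation, pass the contents of the two files from the web-apps-home/presto/WEB-INF/classes directory instead of the sample strings.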