Does OpenEdge.Net.HttpClient support Client authentication c

Posted by Christophe CAMICAS on 16-Jan-2017 08:31

Hi,

I'd like to call a REST webservice that requires a client digital certificate for authentication. I couldn't find any documention related to sending a key in the request ...

Unfortunately I found out, HttpClient does not support client-side private key :

https://community.progress.com/community_groups/openedge_development/f/19/t/27282

Any plan to support it in the future ?

Note : We are using OpenEdge 11.6.3.

Thanks

Posted by Christophe CAMICAS on 17-Jan-2017 04:06

Thank you for your answer.

The client-side certificate authentication is part of the TLS protocol standard :

en.wikipedia.org/.../Transport_Layer_Security

The webservice I tried to call requires this specific handshake.

I knew about the .Net and curl alternative, but I hoped there was another way natively in ABL/OpenEdge Net Library.

As for now, we opted for a dedicated micro service (based on nodejs), which is called by ABL and act as a proxy.

I hope the OpenEdge Net Library will evolve to keep up with the web standards.

Posted by Peter Judge on 17-Jan-2017 07:44

The OE.Net library uses the ABL socket for its communication – and the ABL socket doesn’t yet support client-side certs.
 
 

All Replies

Posted by ntwatkins on 16-Jan-2017 14:33

How are you supposed to send the client certificate?  Is it supposed to be part of the header or embedded as a JSON element in the request or through some other type of mechanism?

Posted by ntwatkins on 16-Jan-2017 14:42

As you previously stated, OpenEdge does not support this functionality natively.  If you are using Windows, you may be able to do this using a .Net class.  Another potential option is to make the call using curl.

Posted by Christophe CAMICAS on 17-Jan-2017 04:06

Thank you for your answer.

The client-side certificate authentication is part of the TLS protocol standard :

en.wikipedia.org/.../Transport_Layer_Security

The webservice I tried to call requires this specific handshake.

I knew about the .Net and curl alternative, but I hoped there was another way natively in ABL/OpenEdge Net Library.

As for now, we opted for a dedicated micro service (based on nodejs), which is called by ABL and act as a proxy.

I hope the OpenEdge Net Library will evolve to keep up with the web standards.

Posted by Peter Judge on 17-Jan-2017 07:44

The OE.Net library uses the ABL socket for its communication – and the ABL socket doesn’t yet support client-side certs.
 
 

Posted by Christophe CAMICAS on 17-Jan-2017 09:04

Thank you [mention:9e4ee96fac634b8f91b580e1fb4f7e71:e9ed411860ed4f2ba0265705b8793d05] !

Any plan to add this support anytime soon (or later) ?

Posted by Peter Judge on 17-Jan-2017 10:08

I know it’s at least partially supported (the SOAP client/web-services out) does support it. I’ll see if I can find any more info for you.
 

This thread is closed