HTTP Signature Authentication Handler implementation for Apache Sling

HTTP Signature Authentication Handler implementation for Apache Sling using SSH authorized_keys.

How It Works

  1. Install the following bundles:
  1. Deploy an authorized_keys file containing the SSH public keys of clients who are authorized to log in as admin, such as that of a Jenkins server, to either of the following two locations on the server filesystem:
  • ${sling.home}/../.ssh/authorized_keys: Deploy to this location to grant only HTTP admin permission to the client public keys. Note that the .ssh directory in this path is a sibling of ${sling.home}, which allows re-installation and backup/restore of the Sling instance without disturbing the authorized_keys file. This file takes precedence over the standard user home location.
  • ${user.home}/.ssh/authorized_keys: Deploy to this location only if you want to grant ssh/scp access to clients with these public keys, in addition to granting them HTTP admin authentication.
  1. Use a Signature-enabled HTTP client to interact with the Sling instance, with a keyId format following the Joyent convention of "/$username/keys/$fingerprint". You can find Java-based helpers in httpsig-java for Apache Commons HttpClient 3.x, Apache Http Components 4.x, and Ning AsyncHttpClient.
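
The following is an added example, not code from this project or from httpsig-java. It shows how a keyId of the form "/$username/keys/$fingerprint" relates to the entries of an authorized_keys file. It assumes the fingerprint is the MD5 digest of the public key blob written as colon-separated hex; all function names are hypothetical, and signature verification itself is out of scope.

```python
import base64
import hashlib
import re
import struct

KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256")
KEY_ID_RE = re.compile(r"/([^/]+)/keys/((?:[0-9a-f]{2}:){15}[0-9a-f]{2})")

def fingerprint(blob):
    """MD5 of the public key blob as colon-separated hex (assumed fingerprint form)."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def parse_authorized_keys(text):
    """Map fingerprint -> key type for every well-formed key line."""
    keys = {}
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Options such as no-pty may precede the key type (simplified handling).
        idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
        if idx is None or idx + 1 >= len(fields):
            continue
        try:
            blob = base64.b64decode(fields[idx + 1], validate=True)
        except ValueError:
            continue  # not valid base64: ignore the entry
        # The blob begins with a length-prefixed type name that must match the line.
        if len(blob) < 4 or blob[4:4 + struct.unpack(">I", blob[:4])[0]] != fields[idx].encode():
            continue
        keys[fingerprint(blob)] = fields[idx]
    return keys

def key_id(username, fp):
    return f"/{username}/keys/{fp}"

def resolve_key_id(value, keys):
    """Return (username, key type) if the keyId names an authorized key, else None."""
    m = KEY_ID_RE.fullmatch(value)
    if not m or m.group(2) not in keys:
        return None
    return m.group(1), keys[m.group(2)]

def _ssh_string(data):
    return struct.pack(">I", len(data)) + data

# Constructed sample: a syntactically valid ed25519 blob holding dummy key bytes.
SAMPLE_BLOB = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))
SAMPLE_FILE = ("# constructed authorized_keys content\n"
               f"no-pty ssh-ed25519 {base64.b64encode(SAMPLE_BLOB).decode()} jenkins@example\n"
               "ssh-rsa AAAA-not-base64 broken-entry\n")
```

A malformed entry is skipped rather than trusted, and a keyId that does not match the expected shape or names an unknown fingerprint resolves to nothing.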