ClientCertificateBasedAuthenticationHandler cannot be disabled through the deployment.toml file

[deshankoswatte]

Current Limitation

It is not possible to configure or disable the ClientCertificateBasedAuthenticationHandler through the deployment.toml file. Therefore, if there is a requirement to avoid using the ClientCertificateBasedAuthenticationHandler, you cannot change its priority or disable the configuration.

Suggested Improvement

The identity.xml.j2 file should be templated (such as mentioned below) to allow configuring the priority and enabling or disabling the ClientCertificateBasedAuthenticationHandler through the deployment.toml file.

<EventListener id="client_certificate_authentication_handler"
   type="org.wso2.carbon.identity.core.handler.AbstractIdentityMessageHandler"
   name="org.wso2.carbon.identity.auth.service.handler.impl.ClientCertificateBasedAuthenticationHandler"
   orderId="1000"
   enable="{{event.default_listener.client_certificate_authentication_handler.enable}}">
</EventListener>

Version

wso2is-5.9.0

[asha15]

Closing the issue since the U2 update has been released and the issue has been fixed in the master branch with the following PRs:

• [Config] Make enable property of client_certificate_authentication_handler configurable  carbon-identity-framework#3477
• [Config] Enable by default of client_certificate_authentication_handler  carbon-identity-framework#3479