We are required to use mTLS (Mutual Transport Layer Security) for certain requests.
Is it possible to integrate mTLS with Liferay?
Environment
DXP 7.4
Quarterly Releases
Resolution
Yes, Liferay can be integrated with mTLS.
Server-side setup:
Ensure the Identity Manager's endpoint is configured to enforce mTLS.
This typically requires setting up the provider to validate client certificates during the handshake.
Configuration steps depend on the Identity Manager's specific deployment, but will likely involve specifying a truststore with allowed certificates.
Liferay client-side setup:
Configure Liferay DXP to use the appropriate connector. For example, the SCIM connector supports secure communication using mTLS by defining certificates in the keystore/truststore and referencing these in the HTTP client used by the SCIM connector.
Additional configuration in the connector JSON (such as enabling mTLS and specifying keystore paths) may be required.
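As an added illustration (plain JDK code, not Liferay's SCIM connector implementation or its configuration), this is what referencing a keystore and a truststore from an HTTP client looks like in Java. The class name, the environment variable names and the command-line arguments are assumptions made for the example.

```java
import java.io.InputStream;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical example class; usage: java MtlsClientExample <keystore.p12> <truststore.p12> <https-url>
public class MtlsClientExample {

    // Load a PKCS#12 store from disk.
    static KeyStore load(Path path, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(path)) {
            store.load(in, password);
        }
        return store;
    }

    // Keystore: the client certificate and private key presented to the server.
    // Truststore: the CA certificates the client accepts for the server.
    static SSLContext mtlsContext(Path keyStore, char[] keyPass, Path trustStore, char[] trustPass)
            throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keyStore, keyPass), keyPass); // assumes key password == store password
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustStore, trustPass));
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return context;
    }

    public static void main(String[] args) throws Exception {
        // Passwords come from the environment (assumed variable names), not from the command line.
        char[] keyPass = System.getenv("MTLS_KEYSTORE_PASSWORD").toCharArray();
        char[] trustPass = System.getenv("MTLS_TRUSTSTORE_PASSWORD").toCharArray();
        SSLContext context = mtlsContext(Path.of(args[0]), keyPass, Path.of(args[1]), trustPass);
        HttpClient client = HttpClient.newBuilder().sslContext(context).build();
        HttpRequest request = HttpRequest.newBuilder(URI.create(args[2])).GET().build();
        // Throws an SSLHandshakeException if either side rejects the other's certificate.
        HttpResponse<Void> response = client.send(request, HttpResponse.BodyHandlers.discarding());
        System.out.println("TLS handshake completed, HTTP status " + response.statusCode());
    }
}
```

Running the same request with a keystore that holds no client key is a quick check that the server side actually enforces mTLS: the handshake or the request should then be rejected.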