You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Markus Kirsten <ma...@iped.vxu.se> on 2002/06/18 13:18:08 UTC

Problem with authentication through mod_webapp

Hi,
I've successfully set up a JDBC Realm for my application that works 
perfectly when I'm going straight to Tomcat (that is using port 8080) 
but not when I'm trying to access it trough Apache (with mod_webapp). 
Authentication always fails when I'm going through mod_webapp, but work 
just as it should if I access it on post 8080.

Any ideas?

Thank you for your time.


Markus


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

SSL Client authentication

Posted by Spiros Vazaloukas <sp...@necis.be>.

Hi all,

I am using SSL client authentication on Tomcat 4.0.1 but I am
getting some errors. I've enabled client authentication in
server.xml and I've created all the certificates.
If somebody has some experience in similar configurations
please have a look to the steps I followed and let me know
if you see something wrong:


***** Generate tomcat certificate ***************
keytool -genkey -alias tomcat -keyalg RSA
keytool -certreq -alias tomcat -file tomcat.csr

***** Generate the ca certificate ***************
openssl req -new -newkey rsa:512 -nodes - \
            out ca.req -keyout ca.key
openssl x509 -trustout -signkey ca.key -days 365 \
            -req -in ca.req -out ca.crt

***** Sign the tomcat request to generate my certificates *********
openssl x509 -CA ca.crt -CAkey ca.key -in tomcat.csr \
        -out tomcat.crt -req -CAcreateserial

************ Import both into the cacerts *******************
keytool -import -file ca.crt -alias RootCert \
        -keystore $JAVA_HOME/jre/lib/security/cacerts
keytool -import -file tomcat.crt -alias tomcat  \
        -keystore $JAVA_HOME/jre/lib/security/cacerts

*************** Generate a client certificate  ***********************
openssl req -new -newkey rsa:512 -nodes -out \
            client.req -keyout client.key
openssl x509 -CA ca.crt -CAkey ca.key -req -in
            client.req -out client.crt

But when I run the following test:
openssl s_client -cert client.crt -key client.key \
            -connect localhost:8443
I get an error:

CONNECTED(00000003)
2504:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert
handshake failure:s23_clnt.c:455:

Any idea?

Thanks
Spiros




--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

Re: Problem with authentication through mod_webapp

Posted by Markus Kirsten <ma...@iped.vxu.se>.

Hi Richard,
No, I'm using FORM based authentication and the login page shows up when 
I try to access a resource inside a protected area, but no matter which 
account I try to log on with I just get to the login failed page.

Does anyone have a JDBC Realm up and running together with mod_webapp 
(Apache 1.3.23 and Tomcat 4.0.3)?


Markus

On tisdag, juni 18, 2002, at 01:57 , Richard Plukker wrote:

> Do you use the basic authentication method?
> Maybe try the form authentication method.
> Because apache also has a basic authentication method, maybe these two 
> don't get along.
>
>
> Markus Kirsten wrote:
>
>> Hi,
>> I've successfully set up a JDBC Realm for my application that works 
>> perfectly when I'm going straight to Tomcat (that is using port 8080) 
>> but not when I'm trying to access it trough Apache (with mod_webapp). 
>> Authentication always fails when I'm going through mod_webapp, but 
>> work just as it should if I access it on post 8080.
>>
>> Any ideas?
>>
>> Thank you for your time.
>>
>>
>> Markus
>>
>>
>> -- To unsubscribe, e-mail:   <mailto:tomcat-user-
>> unsubscribe@jakarta.apache.org>
>> For additional commands, e-mail: <mailto:tomcat-user-
>> help@jakarta.apache.org>
>>
>>
>
>
>
>
> --
> To unsubscribe, e-mail:   <mailto:tomcat-user-
> unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: <mailto:tomcat-user-
> help@jakarta.apache.org>
>


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

Re: Problem with authentication through mod_webapp

Posted by Richard Plukker <ri...@bowtie.nl>.

Do you use the basic authentication method?
Maybe try the form authentication method.
Because apache also has a basic authentication method, maybe these two 
don't get along.


Markus Kirsten wrote:

> Hi,
> I've successfully set up a JDBC Realm for my application that works 
> perfectly when I'm going straight to Tomcat (that is using port 8080) 
> but not when I'm trying to access it trough Apache (with mod_webapp). 
> Authentication always fails when I'm going through mod_webapp, but 
> work just as it should if I access it on post 8080.
>
> Any ideas?
>
> Thank you for your time.
>
>
> Markus
>
>
> -- 
> To unsubscribe, e-mail:   
> <ma...@jakarta.apache.org>
> For additional commands, e-mail: 
> <ma...@jakarta.apache.org>
>
>




--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>