You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "Zhan, Jimmy" <jz...@casham.com> on 2007/02/16 01:54:42 UTC
HOW TO turn on client Certificate with pop "choose a digital certificate" window
Hi,
I have set up HTTPS for tomcat without client certificate, and it is
running good. Now I want to turn on the client certificate.
How can to config the tomcat, let pop a "Choose a digital
certificate" window, allow clients pick Choose a digital certificate,
If failed , pop a new window to allow user input "User Name" and
"Password".
In file servrer.xml , if change clientAuth="true", then when client
is not in the "truststoreFile",
"The page cannot be display" comes out.
If change clientAuth="want", then, tomcat ignores the result of
checking client certificate.
Thanks in advance!!
Jimmy ZHAN
Cash America International
Re: HOW TO turn on client Certificate with pop "choose a digital certificate" window
Posted by Pulkit Singhal <pu...@gmail.com>.
For IE if you try to go to a https URL directly that requires Client Authn,
IE itself will pop u a winddow.
On 2/15/07, Zhan, Jimmy <jz...@casham.com> wrote:
>
> Hi,
>
>
>
> I have set up HTTPS for tomcat without client certificate, and it is
> running good. Now I want to turn on the client certificate.
>
>
>
> How can to config the tomcat, let pop a "Choose a digital
> certificate" window, allow clients pick Choose a digital certificate,
>
>
>
> If failed , pop a new window to allow user input "User Name" and
> "Password".
>
>
>
> In file servrer.xml , if change clientAuth="true", then when client
> is not in the "truststoreFile",
>
>
>
> "The page cannot be display" comes out.
>
>
>
> If change clientAuth="want", then, tomcat ignores the result of
> checking client certificate.
>
>
>
> Thanks in advance!!
>
>
>
>
>
> Jimmy ZHAN
>
>
>
> Cash America International
>
>
>
>
>
>
>
>
>
>
Re: HOW TO turn on client Certificate with pop "choose a digital certificate" window
Posted by Bill Barker <wb...@wilshire.com>.
I can see two ways to do this:
1) Tomcat-Specific: Use clientAuth="want" on the Connector, and configure
the webapp to use BASIC auth in web.xml. You then add a Valve that looks
for the cert, and authenticates the user based on the cert if possible.
2) Similar in that you still have clientAuth="want", but you have a Filter
in your webapp that looks for the cert, and if it doesn't find it it returns
a proper 401 response asking for Basic auth. While this is portable across
containers, it has the downside that it doesn't allow you to use
container-managed security (e.g. <security-constraint>).
"Zhan, Jimmy" <jz...@casham.com> wrote in message
news:26D0B22D0A22D445916A05D3E8E6B54E042D3C53@MAIL.casham.com...
Hi,
I have set up HTTPS for tomcat without client certificate, and it is
running good. Now I want to turn on the client certificate.
How can to config the tomcat, let pop a "Choose a digital
certificate" window, allow clients pick Choose a digital certificate,
If failed , pop a new window to allow user input "User Name" and
"Password".
In file servrer.xml , if change clientAuth="true", then when client
is not in the "truststoreFile",
"The page cannot be display" comes out.
If change clientAuth="want", then, tomcat ignores the result of
checking client certificate.
Thanks in advance!!
Jimmy ZHAN
Cash America International
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org