You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Shuwen <we...@yahoo.com> on 2007/09/12 22:19:32 UTC
tomcat ssl client authentication
Hi,
I would like to find out how to configure client authentication when enabling tomcat to run on https. From http://tomcat.apache.org/tomcat-5.0-doc/ssl-howto.html, it says that
*******************
For using clientAuth on a per-user or per-session basis, check out the tips in Bugzilla 34643.
******************
Does it mean that if I would like to configure client authentication, I need to patch the .java file on
http://issues.apache.org/bugzilla/show_bug.cgi?id=34643?
I have found various sources on internet regarding the issue. Can anyone recommend a reliable way or point me to the reference for configuring client authentication?
Thanks a lot in advance,
Shuwen
---------------------------------
Fussy? Opinionated? Impossible to please? Perfect. Join Yahoo!'s user panel and lay it on us.
Re: tomcat ssl client authentication
Posted by Bill Barker <wb...@wilshire.com>.
"Shuwen" <we...@yahoo.com> wrote in message
news:303044.1576.qm@web50412.mail.re2.yahoo.com...
> Hi,
> I would like to find out how to configure client authentication when
> enabling tomcat to run on https. From
> http://tomcat.apache.org/tomcat-5.0-doc/ssl-howto.html, it says that
>
> *******************
> For using clientAuth on a per-user or per-session basis, check out the
> tips in Bugzilla 34643.
> ******************
> Does it mean that if I would like to configure client authentication, I
> need to patch the .java file on
> http://issues.apache.org/bugzilla/show_bug.cgi?id=34643?
>
This is mostly about "advanced topics" (e.g. adding users on the fly,
allowing the webapp to validate the cert). Most people get by with putting:
<login-config>
<auth-method>CLIENT-CERT</auth-method>
</login-config>
in their web.xml file, and configuring the truststore* attributes on the
<Connector /> in server.xml.
Note, if you apply the patch in 34643, then you are requiring your webapp to
autherise access to resources based on the client cert.
> I have found various sources on internet regarding the issue. Can
> anyone recommend a reliable way or point me to the reference for
> configuring client authentication?
>
>
>
> Thanks a lot in advance,
>
> Shuwen
>
>
> ---------------------------------
> Fussy? Opinionated? Impossible to please? Perfect. Join Yahoo!'s user
> panel and lay it on us.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org