You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by Apache Wiki <wi...@apache.org> on 2007/11/04 20:26:13 UTC

[Tomcat Wiki] Update of "SSLWithFORMFallback" by RichardUnger

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification.

The following page has been changed by RichardUnger:
http://wiki.apache.org/tomcat/SSLWithFORMFallback

------------------------------------------------------------------------------
  This page describes a Tomcat setup for SSL Client Authentication with fallback to FORM authentication.
  This is ''not'' for using FORM based authentication over a simple SSL channel - you do not need SSL client authentication for that.
  
- Note: Tested with Tomcat 5.5.17 and 5.5.20
+ Note: Tested with Tomcat 5.5.17, 5.5.20 and 5.5.25
  
  SSL Client Authentication (sometimes also known as "Client Certificate" authentication) uses the SSL protocol to authenticate clients based on a X509 Certificate. Normally this is accomlished by configuring SSL in Tomcat, and then configuring the Web Application's security descriptor to use "CLIENT-CERT" as the auth-method in the login-config section.
  
@@ -132, +132 @@

  
  === How does it work? ===
  
- The code is tested with Tomcat 5.5.17 and 5.5.20. It will probably work with only minor modifications for other Tomcat 5.5 versions. It has been tested using Java 1.5.
+ The code is tested with Tomcat 5.5.17, 5.5.20 and 5.5.25. It will probably work with only minor modifications for other Tomcat 5.5 versions. It has been tested using Java 1.5.
  
  In short, this code works because:
   * Tomcat uses the auth-config element of the deployment descriptor to create an Authentication Valve

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org