You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Nick Duan <nd...@mcdonaldbradley.com> on 2007/06/20 14:17:01 UTC

Combining form-based authentication with client-cert authentication

Is there anyway to allow both client-cert authentication and form-based
authentication to work together in Tomcat? or J2EE web servers in
general?

I'd like to have users to log in to an web app using either user cert or
username/password.  If a user doesn't have a cert, the login page will
show up.

Thanks!

ND

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Combining form-based authentication with client-cert authentication

Posted by Johnny Kewl <jo...@kewlstuff.co.za>.

Nick, never done it, but I think, yes you can.
You cant directly integrate them, if the SSL client auth fails in the 
handshake, thats it, tomcat wont smell that request.
But you will get an error, and that means you should be able to make a 
custom error page..... on that you say, "You who doesnt want to pay 
Verisign.... click here to log in".

In your pages.... and I forget the details, you "can" check if its an SSL 
connection, and whether the user has logged in.... so if neither, they get 
sent to the log in page, if SSL is active or user is logged in.... they 
proceed.  On the login page, you have a link to the SSL easy access page.

Something like that... interesting project.




----- Original Message ----- 
From: "Nick Duan" <nd...@mcdonaldbradley.com>
To: <us...@tomcat.apache.org>
Sent: Wednesday, June 20, 2007 2:17 PM
Subject: Combining form-based authentication with client-cert authentication


> Is there anyway to allow both client-cert authentication and form-based
> authentication to work together in Tomcat? or J2EE web servers in
> general?
>
> I'd like to have users to log in to an web app using either user cert or
> username/password.  If a user doesn't have a cert, the login page will
> show up.
>
> Thanks!
>
> ND
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
> 


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org