Posted to users@tomcat.apache.org by Johannes <jo...@posteo.de> on 2015/05/07 19:54:49 UTC

User-friendly failed client authentication


Hello.

I'm using Tomcat 7.0 with Java 7.0.
I'm trying to create a webapp which needs client certificate
authentication.
Normal client certificate authentication works well and I can compute
the desired certificate data. The clientauth parameter in the https
connector is set to false. In my webapp a security-constraint is
registered for a URL space, like /secure/*.

If authentication fails, an ugly browser error page occurs. A new
authentication try can only be attempted after reopening the browser.

I already noticed that when setting the server-wide clientauth to "want",
I receive a Tomcat 401 HTTP error page (which can be customized) if no
client certificate was found on a protected resource. But entering a bad
passphrase shows an ugly browser error page again.

Is there a way to deal with that? I believe the user acceptance will be
low with that behavior.

Best regards Johannes.


Re: User-friendly failed client authentication

Posted by Johannes <jo...@posteo.de>.
Thanks for your reply.

This would be one possibility. I tried to realize this, but in some
cases a browser-specific error page is displayed instead of a
customizable Tomcat error page. For example, if in the server.xml
clientauth="true", you don't get any HTTP error codes.

OK, the HTTP traffic happens after SSL authentication, so I can
imagine that this has good reasons.

But maybe there is a way...





On 08.05.2015 at 08:28, Violeta Georgieva wrote:
> Hello,
> 
> 2015-05-07 20:54 GMT+03:00 Johannes <jo...@posteo.de>:
>>
>>
>>
>> Hello.
>>
>> I'm using Tomcat 7.0 with Java 7.0.
>> I'm trying to create a webapp which needs client certificate
>> authentication.
>> Normal client certificate authentication works well and I can compute
>> the desired certificate data. The clientauth parameter in the https
>> connector is set to false. In my webapp a security-constraint is
>> registered for a URL space, like /secure/*.
>>
>> If authentication fails, an ugly browser error page occurs. A new
>> authentication try can only be attempted after reopening the browser.
>>
>> I already noticed that when setting the server-wide clientauth to "want",
>> I receive a Tomcat 401 HTTP error page (which can be customized) if no
>> client certificate was found on a protected resource. But entering a bad
>> passphrase shows an ugly browser error page again.
>>
>> Is there a way to deal with that? I believe the user acceptance will be
>> low with that behavior.
> 
> Consider providing your own error pages; that way you can set them up
> with your company branding.
> 
> Best Regards,
> Violeta
> 
>> Best regards Johannes.
>>
> 



Re: User-friendly failed client authentication

Posted by Violeta Georgieva <mi...@gmail.com>.
Hello,

2015-05-07 20:54 GMT+03:00 Johannes <jo...@posteo.de>:
>
>
>
> Hello.
>
> I'm using Tomcat 7.0 with Java 7.0.
> I'm trying to create a webapp which needs client certificate
> authentication.
> Normal client certificate authentication works well and I can compute
> the desired certificate data. The clientauth parameter in the https
> connector is set to false. In my webapp a security-constraint is
> registered for a URL space, like /secure/*.
>
> If authentication fails, an ugly browser error page occurs. A new
> authentication try can only be attempted after reopening the browser.
>
> I already noticed that when setting the server-wide clientauth to "want",
> I receive a Tomcat 401 HTTP error page (which can be customized) if no
> client certificate was found on a protected resource. But entering a bad
> passphrase shows an ugly browser error page again.
>
> Is there a way to deal with that? I believe the user acceptance will be
> low with that behavior.

Consider providing your own error pages; that way you can set them up
with your company branding.

Best Regards,
Violeta

> Best regards Johannes.
>
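
The setup discussed in this thread, as an added example that is not part of any poster's message or of Tomcat's shipped files: a Tomcat 7 connector with clientAuth="want", plus a web.xml that protects /secure/* with CLIENT-CERT and maps the resulting HTTP errors to custom pages. The keystore paths, passwords, role name and error page locations are placeholders assumed for illustration.

```xml
<!-- conf/server.xml (fragment). Paths and passwords are placeholders. -->
<!-- clientAuth="want" requests a certificate during the TLS handshake but
     still completes the handshake without one, so Tomcat can answer with
     an HTTP status. With clientAuth="true" the handshake itself fails when
     no certificate is sent, so no HTTP response or error page is produced. -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
           SSLEnabled="true" scheme="https" secure="true"
           clientAuth="want" sslProtocol="TLS"
           keystoreFile="conf/server.jks" keystorePass="changeit"
           truststoreFile="conf/trusted-client-cas.jks"
           truststorePass="changeit" />

<!-- WEB-INF/web.xml (fragment, inside <web-app>). -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Certificate-protected area</web-resource-name>
    <url-pattern>/secure/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <!-- Hypothetical role; the configured Realm must map the certificate
         subject to a user that holds it. -->
    <role-name>certuser</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>CLIENT-CERT</auth-method>
</login-config>

<security-role>
  <role-name>certuser</role-name>
</security-role>

<!-- 401: request to /secure/* without a client certificate.
     403: certificate accepted, but the user lacks the required role.
     Both pages live outside /secure/* so they are served unauthenticated. -->
<error-page>
  <error-code>401</error-code>
  <location>/errors/certificate-required.html</location>
</error-page>
<error-page>
  <error-code>403</error-code>
  <location>/errors/not-authorized.html</location>
</error-page>
```

These pages only cover failures that reach the HTTP layer; anything that aborts the TLS handshake is reported by the browser itself.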