Authenticating by certificate

[Shimon Crown <sh...@equipnet.co.il>]

I wish to authenticate users by means of PKI certificates based on information stored in an LDAP server (a bit vague here but I am not sure exactly what I need to store - is it the issuing authorities certificate or a copy of the certificate presented by the client {less likely} or maybe just the URL to the issuing authority.). The LDAP server will most probably ( 99% certain ) be Windows Active Directory. There doesn't seem to be any documentation on how to do this.  The JNDIRealm that is built in to Tomcat is user/password based so it doesn't seem to be useful to me.Has anyone implemented a similar solution and could get me started in the right direction.

Shimon Crown