Posted to users@tomcat.apache.org by "Madere, Colin" <co...@ieminc.com> on 2003/05/16 22:03:58 UTC

SSL, PKI, Realms and integration with other software

To keep this brief, here's what's on my brain:

I have the need to use SSL, client certificates (as far as I know this falls
under the term "PKI", please tell me if I'm incorrect) for my client-server
interaction.  I plan to use Tomcat for Webapps but also have other software
server systems that the clients will be interacting with (browsers and
non-browsers).

I want to authenticate and authorize users via Tomcat's client-cert
functionality and Realms system, likely writing an auth plug-in for the
other software system to ask Tomcat for these features.  Obviously the SSL
encrypt/decrypt will have to be added to this other system and the clients
that connect to it, but the session management, authentication and
authorization can be passed off to Tomcat (assuming I can integrate with
them all).

In my searching for info, I found this bug:
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=4352

Hoping that doesn't stop me (or that it is fixed or will be real soon).

Another idea was to have a third system that handled the auth that both
Tomcat and the other software system connect to for authentication (such as
LDAP or similar idea), therefore making integration for the secondary
software system easier if more code/tools are available.  Problem here being
the client-certificate handling....? (and this would only take care of
authentication and nothing else, I believe)

Any thoughts/suggestions/references would be greatly appreciated.

Thanks,

Colin Madere

