Hi,

I'm using Tomcat 4.0.6 and configured it for client authentication. This works fine.
Then I tried to add a realm to a certain webapp in order to control access. As I have
read in several sources, either the client certificate's Common Name or the complete
Distinguished Name is used to identify the user (i.e. the CN or DN must be identical to
the username in Tomcat's users.xml file in order to identify the user).
I tried both the CN and the DN string as username in users.xml, but when accessing the
secured webapp I get a 401 - Cannot authenticate with the provided credentials...
What is wrong? Does that kind of authentication not work with users.xml?

Thanks, Ivo

PS: this is a snippet of my secured webapp's web.xml:
<security-constraint>
   <web-resource-collection>
      <web-resource-name>foo client auth</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
   </web-resource-collection>
   <auth-constraint>
      <role-name>foo</role-name>
   </auth-constraint>
   <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
   </user-data-constraint>
</security-constraint>
<login-config>
   <auth-method>CLIENT-CERT</auth-method>
   <realm-name>foobar</realm-name>
</login-config>
<security-role>
   <role-name>foo</role-name> 
</security-role>

<!-- my client certificate's CN is "Ivo Matheis" -->
<tomcat-users>
  <user name="tomcat" password="tomcat" roles="tomcat" />
  <user name="Ivo Matheis" password="null" roles="foo" />
</tomcat-users>


