How to map client certificate to user or group?

[Heinälä Petri]

Hi,

 

I add to the web.xml

 

<security-constraint>

      <display-name>Secure Application</display-name>

      <web-resource-collection>

         <web-resource-name> Secure Application</web-resource-name>

         <url-pattern>/app/cert/*</url-pattern>

      </web-resource-collection>

      <auth-constraint>

        <role-name>tomcat</role-name>

      </auth-constraint>

</security-constraint>

<login-config>

      <auth-method>CLIENT-CERT</auth-method>

      <realm-name>Secure Application</realm-name>

</login-config>

<security-role>

      <role-name>tomcat</role-name>

</security-role>

 

...and SSL client authentication works until Tomcat try to map client 
certificate to user or group.

 

So how I should configure client certificate - user/group mapping?

 

Br,

Petri