Hello Lalit, > I am trying to implement certificate based authentication between HttpClient > and Weblogic 8.1 server. > > I have one webapplication in weblogic server,In this application we have > defined authentication scheme is as "BASIC" with user name and password. > [...] > > Also is it required to use "SSL" for certificate based authentication
I'm afraid you are missing some very fundamental information about the principles of certificate based authentication. Since it is beyond the scope of this mailing list to explain cryptography basics, here are some pointers: Julius' mail explaining the purpose of certificates http://mail-archives.apache.org/mod_mbox/jakarta-httpclient-user/200611.mbox/[EMAIL PROTECTED] RFC 2246, in particular section 7.4.6 http://www.ietf.org/rfc/rfc2246.txt -> Yes, it is required to use SSL/TLS for certificate based authentication Client HTTP Programming Primer, scope of HttpClient http://wiki.apache.org/jakarta-httpclient/ForAbsoluteBeginners#head-e5df784207b3082d88f0c254a0b656275c2b2855 -> SSL/TLS is on the transport layer, it does not know about HTTP There is no HTTP authentication scheme for certificate based authentication, and if the client is authenticated by a certificate it does not make sense to require additional BASIC authentication. On the client, you need a key store that must be unlocked by the user when an SSL connection with client authentication is established to the server. That means you need a custom SecureProtocolSocketFactory that handles client authentication. The appropriate client certificate needs to be deployed to the key store on each client machine. On the server, you should search the documentation for details on how to configure certificate based client authentication. This is not just a checkbox in a dialog, you will have to prepare the infrastructure for certificate management and validation. cheers, Roland --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
