My actual configuration for principals.xml and web.xml is:
<<Principals.xml>> <<WEB.XML>> <<Application.xml>>
I send you my application.xml configuration also (for the role mapping).
I didn't use thr ssl-user-registration.jsp. I used the same classes in my
servlet. I sent you how I read the username and serial ID in mai "manual"
form mail.
You must use a username when using a Client certificate, the password isn't
needed.
NOTE: Do the IE or Navigator ask you for a Certificate? If the answer is
not, maybe you didn't install a personal certificate in you IE or Navigator.
> -----Original Message-----
> From: Montebove Luciano [SMTP:[EMAIL PROTECTED]]
> Sent: Monday, October 09, 2000 5:16 AM
> To: Orion-Interest
> Subject: R: Client certificate authentication
>
> Hi Esteban,
>
> I already put the lines you added to your web.xml file (as the user if I
> use
> BASIC authentication works fine) but I have the same 403 problem.
> Could you send me your actual configuration for principals.xml and
> web.xml?
> Can you attach also the response you get from ssl-user-registration.jsp?
> When I call this page I can't see the username (could it be the problem?)
> In general I can't understand why I need a username and password when
> using
> Client certificate authentication and how I have to use them.
>
> Thanks,
>
> Luciano
>
> -----Messaggio originale-----
> Da: Lopez Esteban [mailto:[EMAIL PROTECTED]]
> Inviato: venerd� 6 ottobre 2000 20.58
> A: Orion-Interest
> Cc: [EMAIL PROTECTED]
> Oggetto: RE: Client certificate authentication
>
>
> Hi Luciano:
> I could fix the 403 Forbidden problem!!! It's easy:
>
> In the WEB.XML file you must do anything like this:
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>MySecurity</web-resource-name>
> <url-pattern>/servlet/MainMenu</url-pattern>
> <http-method>*</http-method>
> </web-resource-collection>
> <auth-constraint>
> <role-name>users</role-name>
> </auth-constraint>
> </security-constraint>
>
> I I had forgotten to put:
> <auth-constraint>
> <role-name>users</role-name>
> </auth-constraint>
> and then no Role cuold have access.
>
> Remember that in the WEB.XML we need to map the "users" Role:
>
> <security-role>
> <description></description>
> <role-name>users</role-name>
> </security-role>
>
> I hope this help you.
>
> Esteban Lopez
>
>
> > -----Original Message-----
> > From: Montebove Luciano [SMTP:[EMAIL PROTECTED]]
> > Sent: Wednesday, October 04, 2000 4:55 AM
> > To: Orion-Interest
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: Client certificate authentication
> >
> > Hi Lopez,
> >
> > Can you detail your "manual" identification?
> >
> > Luciano
> >
> > -----Messaggio originale-----
> > Da: Lopez Esteban [mailto:[EMAIL PROTECTED]]
> > Inviato: marted� 3 ottobre 2000 21.53
> > A: Orion-Interest
> > Oggetto: RE: Client certificate authentication
> >
> >
> >
> > I don't solve the 403 problem yet, but I can identify users using
> > client certificates. I accept or not the user.
> > If you are interested in this "manual" identification I can explain
> > you more.
> >
> > > -----Mensaje original-----
> > > De: Montebove Luciano [SMTP:[EMAIL PROTECTED]]
> > > Enviado el: Martes, 03 de Octubre de 2000 04:59 a.m.
> > > Para: Orion-Interest
> > > Asunto: R: Client certificate authentication
> > >
> > > I can help you partially. I had the same 403 Forbidden problem and I'm
> > > waiting for a response from official support (5 days).
> > > For the Cert ID use the sample page ssl-user-registration.jsp in demo
> > SSL.
> > > It will show the cert id you are looking for.
> > > If you solve the 403 problem tell me.
> > >
> > > ���`����,��,����`�������`����,��,����`�����
> > > Luciano Montebove - Software Architect - Finsiel S.p.a
> > > E-mail: [EMAIL PROTECTED] Phone: (+39) 06-4142-7663
> > > "If you don't fail now and again, it's a sign you're playing it safe"
> > > -W. Allen
> > > ���`����,��,����`�������`����,��,����`�����
> > >
> > >
> > >
> > > -----Messaggio originale-----
> > > Da: Lopez Esteban [mailto:[EMAIL PROTECTED]]
> > > Inviato: luned� 2 ottobre 2000 14.57
> > > A: Orion-Interest
> > > Oggetto: Client certificate authentication
> > >
> > >
> > > Hi
> > >
> > > I need to authenticate clients with digital certificates, I have a
> > > VeriSign
> > > trial client certificate and I'm using IE 5.0. The certificate is well
> > > installed in IE.
> > > I'm working with Orion 1.2.9 and HTTPS. I'm using
> > > <auth-method>CLIENT-CERT</auth-method> in de login config of WEB.XML
> > file.
> > > When I connect to the WEB site I see the follow error:
> > > 403 Forbidden
> > > Your cert's user does not have access to this resource
> > >
> > > Please, anybody could help me about this?
> > >
> > > Note: In the PRINCIPAL.XML file when I set the user that has a
> > certificate
> > > I
> > > do the follow:
> > >
> > > <user username="A name here">
> > > <description>no description</description>
> > > <certificate-issuer>CN = VeriSign Class 1 CA
> > > Individual Subscriber-Persona Not Validated, OU =
> > > www.verisign.com/repository/RPA Incorp. By Ref.,LIAB.LTD(c)98, OU =
> > > VeriSign
> > > Trust Network, O = VeriSign, Inc.</certificate-issuer>
> > > <certificate-serial-id>I don't
> > > know</certificate-serial-id>
> > > <group-membership group="users"/>
> > > <group-membership group="guests"/>
> > > </user>
> > >
> > > In <certificate-serial-id> tag I've an hexa number and when I put
> this
> > > serial number in it, the Orion throws the follow exception:
> > > java.lang.NumberFormatException: 297D6F02EA75C1
> > > at java.lang.Long.parseLong(Unknown Source)
> > > at java.math.BigInteger.<init>(Unknown Source)
> > > at java.math.BigInteger.<init>(Unknown Source)
> > > at com.evermind.server.gs.<init>(JAX)
> > > at com.evermind.server.XMLUserManager.ajf(JAX)
> > > at com.evermind.server.XMLUserManager.ajd(JAX)
> > > at com.evermind.server.XMLUserManager.bw(JAX)
> > > at com.evermind.xml.XMLConfig.br(JAX)
> > > at com.evermind.xml.XMLConfig.ax(JAX)
> > > at com.evermind.xml.XMLConfig.ax(JAX)
> > > at com.evermind.xml.XMLConfig.update(JAX)
> > > at com.evermind.server.gw.run(JAX)
> > > at com.evermind.util.g.run(JAX)
> > > at com.evermind.util.f.run(JAX)
> > >
> > > What serial number I must to put in this tag?
> > >
> > > Thanks, Esteban
> > >
Principals.xml
WEB.XML
Application.xml
