I made a mistake in my last post
(I was thinking about a different app server)
inside the xml file for the web app add:
needs-client-auth="true"
to the <ssl-config> tag
instead of that client-auth="true" attribute I sent
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Paolo Ramasso
> Sent: Monday, July 02, 2001 1:29 AM
> To: Orion-Interest
> Subject: request for info:ssl and client authentication with orion
>
> Hi guys
>
> i need some more info about ssl and oc4j (orion 1.5.0)
> here is the enviroment:
> client authentication by SSL 3 using x501 certificates, the application
> server (oc4j ) must validate and inspect the certificate info and
> extract the
> user information contained in it (....common name ....to use it as a
> lookup
> key in LDAP directory search ).
> here are the question:
> does the oc4j (orion 1.5.0) container provide a toolset or specific APIs
> to validate the client digital certificate against a CA?
> does the oc4j (orion 1.5.0) container provide a toolset or specific APIs
> to extract
> client user information from the digital certificate sent by the
> client?
> thanks a lot in advance
> ciao
> Paolo
