I made a mistake in my last post
(I was thinking about a different app server)
inside the xml file for the web app add:
needs-client-auth=true
to the ssl-config tag
instead of that client-auth=true attribute I sent
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Paolo Ramasso
Sent: Monday, July 02, 2001 1:29 AM
To: Orion-Interest
Subject: request for info:ssl and client authentication with orion
Hi guys
i need some more info about ssl and oc4j (orion 1.5.0)
here is the enviroment:
client authentication by SSL 3 using x501 certificates, the application
server (oc4j ) must validate and inspect the certificate info and
extract the
user information contained in it (common name to use it as a
lookup
key in LDAP directory search ).
here are the question:
does the oc4j (orion 1.5.0) container provide a toolset or specific APIs
to validate the client digital certificate against a CA?
does the oc4j (orion 1.5.0) container provide a toolset or specific APIs
to extract
client user information from the digital certificate sent by the
client?
thanks a lot in advance
ciao
Paolo
