Re: smartcards for tomcat webapps
Thank you.

So did you load the CA root cert (self-signed top of chain) into the truststorefile? Via keytool?

Also, does your web app's web.xml have the following?

<login-config>
  <auth-method>CLIENT-CERT</auth-method>
</login-config>

and

<security-constraint>
  ...
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

From: Goo Sam Kong skgo...@gmail.com
To: Tomcat Users List users@tomcat.apache.org
Sent: Tue, April 6, 2010 10:21:49 PM
Subject: Re: smartcards for tomcat webapps

> On 6 April 2010 20:39, dockeryjava...@yahoo.com wrote:
> > Anyone using smartcards for auth?
> > If so, have specific example code excerpt and server.xml?
>
> Minimum configuration changes required for the HTTPS connector in server.xml
> are to add the attributes below and amend the value of the clientAuth
> attribute from false to true or want.
>
> 1. truststoreFile
> 2. truststorePass
> 3. truststoreType
>
> <!-- Define a SSL HTTP/1.1 Connector on port 8443
>      connectionTimeout="15000" -->
> <Connector port="8443" maxHttpHeaderSize="8192"
>            maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>            enableLookups="false" disableUploadTimeout="true"
>            acceptCount="100" scheme="https" secure="true"
>            clientAuth="want/true" sslProtocol="TLS"
>            truststoreFile="" truststorePass="xxx" truststoreType="xxx" />
>
> No code change is required on the server side.
>
> Refer to http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html for SSL
> configuration in server.xml.
Re: smartcards for tomcat webapps
Yes, I imported the issuer of the client certificate (the issuer can be self-signed or signed by others) into the trust store using the Java keytool command.

Below are the web.xml settings...

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected Area</web-resource-name>
    <url-pattern>/private/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>CLIENT-CERT</auth-method>
</login-config>

On 7 April 2010 20:50, Michael Dockery dockeryjava...@yahoo.com wrote:
> Thank you.
>
> So did you load the CA root cert (self-signed top of chain) into the
> truststorefile? Via keytool?
>
> Also, does your web app's web.xml have the following?
>
> <login-config>
>   <auth-method>CLIENT-CERT</auth-method>
> </login-config>
>
> and
>
> <security-constraint>
>   ...
>   <user-data-constraint>
>     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>   </user-data-constraint>
> </security-constraint>
Re: smartcards for tomcat webapps
On 6 April 2010 20:39, dockeryjava...@yahoo.com wrote:
> Anyone using smartcards for auth?
> If so, have specific example code excerpt and server.xml?

Minimum configuration changes required for the HTTPS connector in server.xml are to add the attributes below and amend the value of the clientAuth attribute from false to true or want.

1. truststoreFile
2. truststorePass
3. truststoreType

<!-- Define a SSL HTTP/1.1 Connector on port 8443
     connectionTimeout="15000" -->
<Connector port="8443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="want/true" sslProtocol="TLS"
           truststoreFile="" truststorePass="xxx" truststoreType="xxx" />

No code change is required on the server side.

Refer to http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html for SSL configuration in server.xml.
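
Added example, not part of the thread and not Tomcat project code: a Python check that a server.xml and web.xml carry the settings discussed above (clientAuth of true or want plus a truststoreFile on the secure Connector, CLIENT-CERT as auth-method, CONFIDENTIAL transport). It goes one step beyond the thread by also flagging a security-constraint that has no auth-constraint, because the Servlet specification only makes the container authenticate when an auth-constraint applies. The sample XML, the truststore path and type, and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples of the settings named in the thread; path/password/type are placeholders.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8443" scheme="https" secure="true" sslProtocol="TLS"
             clientAuth="want" truststoreFile="conf/truststore.jks"
             truststorePass="xxx" truststoreType="JKS"/>
</Service></Server>"""
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>
      <url-pattern>/private/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config><auth-method>CLIENT-CERT</auth-method></login-config>
</web-app>"""

def _named(root, name):
    # Match on the local tag name so namespaced web.xml files also work.
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def check_server_xml(xml_text):
    findings = []
    for c in _named(ET.fromstring(xml_text), "Connector"):
        if c.get("secure") != "true":
            continue  # plain HTTP/AJP connectors are out of scope here
        port, mode = c.get("port", "?"), c.get("clientAuth", "false")
        if mode not in ("true", "want"):
            findings.append(f"{port}: clientAuth={mode}, no client certificate is requested")
        if not c.get("truststoreFile"):
            findings.append(f"{port}: truststoreFile not set")
    return findings

def check_web_xml(xml_text):
    root, findings = ET.fromstring(xml_text), []
    if [e.text.strip() for e in _named(root, "auth-method") if e.text] != ["CLIENT-CERT"]:
        findings.append("auth-method is not CLIENT-CERT")
    for sc in _named(root, "security-constraint"):
        urls = ",".join(u.text.strip() for u in _named(sc, "url-pattern") if u.text)
        if "CONFIDENTIAL" not in [t.text.strip() for t in _named(sc, "transport-guarantee") if t.text]:
            findings.append(f"{urls}: transport-guarantee is not CONFIDENTIAL")
        if not _named(sc, "auth-constraint"):
            # No auth-constraint: the container serves these URLs without authenticating.
            findings.append(f"{urls}: no auth-constraint, login is not enforced")
    return findings
```

Run against the web.xml as posted in the thread, `check_web_xml` reports the missing auth-constraint for `/private/*`; with `clientAuth="want"` that means a request without a certificate still reaches the protected area unless the application checks the certificate itself.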