Hi, is it possible to set up a Tomcat (3.2.3) server with both client and server-authentication running? I've set up a server.xml file with two connectors (with different port no.s specified, and one having client-auth=true, the other client-auth=false). I can run the server and connect to each of the areas (I've specified them as different contexts, e.g. path="/client" and path="/server") as specified; however, I'm concerned that the two authentication levels aren't being enforced.
For example, if I connect to the server-authenticated area (e.g. https://localhost:8443/server), the security is my site's certificate. However, if I then change the link in the browser window (e.g. to https://localhost:8444/client) I am not required to present/select my certificate to authenticate to the server. In other words, it has maintained the server-authentication specified in the first connection. This also works in reverse: if I connect via client-auth (and present my cert), I can then move to the server-authenticated area without any fuss. I suspect this is because this is all one session, and I haven't successfully set up Tomcat to accept multiple auth-levels within the one session (or this isn't possible).

Can someone please help? Thanks very much!
