Bug #15790 is only if you are fronting Tomcat with Apache/IIS/SunONE. If you are using the stand-alone connector, it doesn't apply. I'm guessing that this isn't your problem, since you'd get a different error.
To use this setup, you need to be using MemoryRealm. The default DataSourceRealm doesn't handle CLIENT-CERT authentication. When I'm testing this, I usually get rid of the '<Resource name="UserDatabase" ...>', since it has a bad habit of messing up cert subjects when it re-saves the file :-). With 4.1.26, if you enable TRACE logging, it will print the cert out to the log (I use this to cut-and-paste the Subject to tomcat-users.xml). If you have log4j in common/lib, then add:

    log4j.logger.org.apache.tomcat.util.net.jsse=TRACE

to your log4j.properties.

"Farrell, Patrick" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] ..
> Thanks,
>
> I had seen the bug you are referring to, but didn't think that this was my
> problem since I don't see that exception anywhere. Is there anywhere that I
> may look to find that exception just to ensure that this is truly my
> problem?
>
> Pat
>
> -----Original Message-----
> From: Jay Garala [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, July 23, 2003 1:44 PM
> To: 'Tomcat Users List'
> Subject: RE: HELP! Client Authentication in Tomcat 4.1.24
>
> This is the part you were missing. Unfortunately, the handling of Client
> certs in the Jk-Coyote connector is broken in 4.1.24 (see
> http://nagoya.apache.org/bugzilla/show_bug.cgi?id=15790).
>
> Wait for 4.1.26 or grab alpha from CVS
>
> -----Original Message-----
> From: Farrell, Patrick [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, July 23, 2003 1:02 PM
> To: '[EMAIL PROTECTED]'
> Subject: HELP! Client Authentication in Tomcat 4.1.24
>
> I am attempting to use client certificate authentication with Tomcat 4.1.24,
> but each time I connect via a browser (Internet Explorer) Tomcat indicates
> that it is unable to authenticate with the provided credentials.
>
> My client certificate is a personal certificate from Thawte. The
> corresponding root certificate already exists in my truststore.
>
> Shown below is my tomcat-users.xml file.
>
> <?xml version='1.0' encoding='utf-8'?>
> <tomcat-users>
>   <role rolename="user" description="Authenticated User"/>
>   <role rolename="manager" description="Tomcat Manager"/>
>   <role rolename="admin" description="Tomcat Administrator"/>
>   <user username="administrator" password="password" roles="admin,manager"/>
>   <user username="[EMAIL PROTECTED], CN=Thawte Freemail Member" password="null" roles="user"/>
> </tomcat-users>
>
> Must I do anything with the client certificate in order for the server to
> trust it, or does the server simply grab the DN from the certificate and
> look in the realm for a user with the corresponding DN?
>
> Does anyone have any information or links on how to configure tomcat users
> with client authentication?
>
> Pat
>
> ***********************************************************************
> This message is intended only for the use of the intended recipient and
> may contain information that is PRIVILEGED and/or CONFIDENTIAL. If you
> are not the intended recipient, you are hereby notified that any use,
> dissemination, disclosure or copying of this communication is strictly
> prohibited. If you have received this communication in error, please
> destroy all copies of this message and its attachments and notify us
> immediately.
> ***********************************************************************
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
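
The cut-and-paste step in the reply above matters because the username in tomcat-users.xml has to carry the certificate subject as text. As an added example (not code from this thread or from Tomcat), the Java check below flags entries that name the same DN but are spelled differently. It assumes the realm finds the user by exact string comparison of the username; the class name, XML and subject are constructed samples.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.security.auth.x500.X500Principal;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class CertUserCheck {
    // Constructed sample data: not the poster's real file or certificate subject.
    static final String USERS_XML =
        "<tomcat-users>"
      + "<role rolename='user'/>"
      + "<user username='administrator' password='password' roles='admin'/>"
      + "<user username='cn=pat example,o=example corp,c=us' password='null' roles='user'/>"
      + "</tomcat-users>";
    // Subject text as it would be copied from the TRACE log (constructed value).
    static final String SUBJECT = "CN=Pat Example, O=Example Corp, C=US";

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // The users file needs no DTD, so refuse DOCTYPE declarations outright.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        NodeList users = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(USERS_XML.getBytes(StandardCharsets.UTF_8)))
            .getElementsByTagName("user");
        X500Principal want = new X500Principal(SUBJECT);
        boolean exact = false;
        for (int i = 0; i < users.getLength(); i++) {
            String name = ((Element) users.item(i)).getAttribute("username");
            if (name.equals(SUBJECT)) {
                exact = true;
                System.out.println("exact match: " + name);
            } else if (sameDn(name, want)) {
                // Same DN, different text: an exact string lookup (assumed) misses it.
                System.out.println("near miss (same DN, different text): " + name);
            }
        }
        if (!exact) System.out.println("no username equals the subject text: " + SUBJECT);
    }

    // True when the username parses as a DN equal to the certificate subject.
    static boolean sameDn(String name, X500Principal want) {
        try {
            return new X500Principal(name).equals(want);
        } catch (IllegalArgumentException e) {
            return false; // not a DN at all, e.g. "administrator"
        }
    }
}
```

A near miss reported here is the kind of entry to replace with the subject text exactly as the server logs it.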
