Hi Mark,

How are you configuring TLS for the Connector?

<Connector port="8443" scheme="https" secure="true"
           protocol="org.apache.coyote.http11.Http11AprProtocol"
           SSLEnabled="true"
           SSLCertificateFile="/certs/foo.crt"
           SSLCertificateKeyFile="/certs/foo.key"
           maxThreads="150" clientAuth="false" SSLProtocol="all" />

How are you configuring TLS for LDAP?

Do you mean inside Tomcat?

Thanks
-John

-----Original Message-----
From: Mark Thomas <ma...@apache.org>
Sent: Tuesday, October 8, 2019 11:07 AM
To: users@tomcat.apache.org
Subject: Re: Tomcat 7 HTTPS and LDAP authentication issue

On 08/10/2019 18:55, John Beaulaurier -X (jbeaulau - ADVANCED NETWORK INFORMATION INC at Cisco) wrote:
> Hello,
>
> We have an application running on Tomcat 7.0.96. The application
> handles authentication by accessing an internal LDAPS host by using
> credentials, a keystore, and the LDAPS hostname and port from an
> external file from the application and from Tomcat. This works with no
> issues, until I enable HTTPS in Tomcat. Once I see sessions are encrypted,
> users can no longer log on to the application. When I disable HTTPS the users
> can again authenticate in the application. We do have an Apache reverse proxy
> for the application, but when Tomcat HTTPS is enabled I need to use
> https://hostname:8443/foo to get to the application login screen and not just
> https://hostname/foo.
> With HTTPS disabled I can access the application with
> http://hostname/foo. That's obviously a config issue I need to address, but
> would that be why the authentication process would be broken when HTTPS is
> enabled?

How are you configuring TLS for LDAP?

How are you configuring TLS for the Connector?

I suspect that something somewhere is using the JVM wide TLS configuration properties when it should be using LDAP / Tomcat Connector specific settings?

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org