On 27 February 2020 10:58:01 CET, "Martynas Jusevičius" wrote:
>Hi list,
>I'm using a Docker image based on tomcat:8.0-jre8. It serves as an
>end-user facing webapp but also as a REST API which authenticates
>using client certificates. The same URLs serve both purposes, however
>only administrators are using the API.
>The Connector is configured using clientAuth="want".
>This works fine with API calls which are run from shell scripts.
>In the browser however it prompts a certificate selection (if there
>are any client certs). This would not be a problem if the webapp would
>not be user-facing, but since it is, the certificate prompt can be
>confusing to many users and increase our bounce rate.
>I'm looking for some workaround that would not require changing the
>whole design. For example asking for the client cert only when a
>certain flag is set, such as a query param or request header.
>Or somehow not asking for it but still accepting it :) But I guess
>that's not how TLS works...
>Any ideas? Thanks.


Instead of configuring the container for client cert auth, change the webapp:
1) define a realm in the local context.xml
2) add the resp. security constraint only for REST API calls

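The two steps in the reply above, as an added configuration example that is not part of the original message or of the Tomcat project. The `/api/*` path, the `api-admin` role, the port and the certificate subject are assumptions chosen for illustration; the realm shown is Tomcat's stock `UserDatabaseRealm`.

```xml
<!-- conf/server.xml: keep the existing HTTPS Connector with its keystore and
     truststore attributes (the truststore is still what validates client
     certificates). Only clientAuth changes, from "want" to "false", so the
     initial handshake no longer asks every browser for a certificate. -->
<Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" />

<!-- META-INF/context.xml (step 1): realm local to this webapp. It resolves the
     certificate's subject DN to a user and that user's roles. -->
<Context>
  <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
         resourceName="UserDatabase" />
</Context>

<!-- conf/tomcat-users.xml: constructed sample entry. The username must match
     the client certificate's subject DN string exactly. -->
<user username="CN=api-admin, O=Example" password="" roles="api-admin" />

<!-- WEB-INF/web.xml (step 2): only requests under the hypothetical /api/*
     path require a client certificate; all other URLs stay unconstrained. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>REST API</web-resource-name>
    <url-pattern>/api/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>api-admin</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>CLIENT-CERT</auth-method>
</login-config>

<security-role>
  <role-name>api-admin</role-name>
</security-role>
```

With this layout Tomcat requests the certificate through a TLS renegotiation only when a request matches the constraint, so it depends on a protocol version that supports renegotiation (TLS 1.3 removed it). Because the constraint is bound to a URL pattern, the API has to be reachable under a path that browser users do not hit.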