Hello, I just found it searching the list.
clientAuth="want" does what I need: it permits users without client certs, but asks for them in case they have some... This, together with my filter that checks for the certs, brings the desired effect.

Kind regards,
Alexander Jung

> -----Original Message-----
> From: Jung, Alexander (AGIS)
> Sent: Tuesday, March 6, 2007 14:39
> To: Tomcat Users List
> Subject: RE: How to request a client Certificate Authentication ?
>
> Hi,
>
> I'm not trying to see the SSL stuff itself, but make the connector ask for a
> client certificate.
> This works with the security-constraint config mentioned below, if I
> reference a role from the user-realm. As I do not have the users defined in
> some realm, I try to find a way to make the connector switch to requesting a
> client certificate without referencing a realm.
>
> The only alternative would be to dump the filter and implement a realm?
>
> Kind regards,
> Alexander Jung
>
> > -----Original Message-----
> > From: Dima Retov [mailto:[EMAIL PROTECTED]
> > Sent: Tuesday, March 6, 2007 14:33
> > To: Tomcat Users List
> > Subject: Re: How to request a client Certificate Authentication ?
> >
> > Hi,
> >
> > SSL stuff happens before any actual HTTP data is sent.
> > It is not possible to see the request's URL at this stage.
> >
> > Dima
> >
> > Tuesday, March 6, 2007, 3:29:15 PM, you wrote:
> >
> > JAA> Hello,
> >
> > JAA> I try to implement a custom client certificate authentication, that does
> > JAA> some complicated LDAP lookups in the background and gives an authenticated
> > JAA> value with request.getRemoteUser() back to the applications.
> >
> > JAA> Peeking through the jcifs source, I chose to implement a filter. This
> > JAA> works, but I'd like to limit the areas where the Tomcat SSL connector asks
> > JAA> for an SSL client authentication.
> >
> > JAA> I configured the connector with clientAuth="false" and tried to force SSL
> > JAA> client authentication within the application's web.xml with:
> >
> > JAA> <security-constraint>
> > JAA>   <web-resource-collection>
> > JAA>     <web-resource-name>Zugriffsschutz</web-resource-name>
> > JAA>     <url-pattern>/secure/*</url-pattern>
> > JAA>   </web-resource-collection>
> > JAA>   <user-data-constraint>
> > JAA>     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> > JAA>   </user-data-constraint>
> > JAA> </security-constraint>
> >
> > JAA> <login-config>
> > JAA>   <auth-method>CLIENT-CERT</auth-method>
> > JAA> </login-config>
> >
> > JAA> But this does not make the connector ask for a client certificate. How do I
> > JAA> make the connector ask for it? (clientAuth="true" in the connector's
> > JAA> configuration works, but limits the access of all pages to users that have
> > JAA> client certs.)
> >
> > JAA> I'm using Tomcat 5.5.20.
> >
> > JAA> Regards,
> > JAA> Alexander Jung
> >
> > --
> > Best regards,
> > Dima mailto:[EMAIL PROTECTED]
> >
> > ---------------------------------------------------------------------
> > To start a new topic, e-mail: users@tomcat.apache.org
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]