geronimo-user mailing list archives

From "Kev D'Arcy" <>
Subject Client certificates with LDAP
Date Thu, 08 Feb 2007 12:34:35 GMT
Hi all,

I'm in the process of setting up a Geronimo 1.1.1 server to use client certificates as the
authentication mechanism and using an LDAP directory as the role store for authorisation
purposes. I think I have the client certs working properly (all I had to do was add the
truststore file to the SSL connector in Tomcat and hey presto it works), however the
subsequent connection to LDAP is a bit of a problem. I've created a security realm
containing the relevant connection parameters, but the login process never seems to go to
LDAP to retrieve the user's role list. I'm fairly sure the connection properties are correct
(I did a test log in when I created the realm) and I've done a bit of digging to see what's
going on under the covers.

It appears that the type of login handler being used (CertificateChainCallbackHandler) isn't
compatible with the LDAPLoginModule: the LDAP module tries to pass in a callback which the
CertificateChainCallbackHandler doesn't know how to

So, I'm a bit stumped. Should the realm I've created have a reference to the fact that I'm
trying to use client certs (it doesn't currently, this is only referenced in the SSL
connector) or should I be looking somewhere else?

Any help would be greatly appreciated!


Allied Irish Banks
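
The handler/module mismatch described in the message can be reproduced with plain JAAS classes. This is an added illustration, not part of the original message and not Geronimo code: `CertChainCallback` and `CertOnlyHandler` are hypothetical stand-ins, and it assumes the LDAP module asks its handler for name and password callbacks.

```java
import java.io.IOException;
import java.security.cert.Certificate;
import javax.security.auth.callback.*;

public class CallbackMismatchDemo {
    // Hypothetical stand-in for a callback that carries the client certificate chain.
    static class CertChainCallback implements Callback { Certificate[] chain; }

    // Hypothetical stand-in for a handler that can only answer certificate-chain requests.
    static class CertOnlyHandler implements CallbackHandler {
        private final Certificate[] chain;
        CertOnlyHandler(Certificate[] chain) { this.chain = chain; }

        @Override
        public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (cb instanceof CertChainCallback) {
                    ((CertChainCallback) cb).chain = chain;
                } else {
                    // JAAS contract: reject any callback type the handler cannot answer.
                    throw new UnsupportedCallbackException(cb, "only certificate chains are supported");
                }
            }
        }
    }

    // Assumption: a login module starts login() by handing its callbacks to the handler like this.
    static String request(CallbackHandler handler, Callback... wanted) {
        try {
            handler.handle(wanted);
            return "handled";
        } catch (UnsupportedCallbackException e) {
            // A real login module would turn this into a LoginException and fail the login.
            return "rejected " + e.getCallback().getClass().getSimpleName();
        } catch (IOException e) {
            return "I/O error: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        CallbackHandler handler = new CertOnlyHandler(new Certificate[0]); // constructed empty chain
        // A certificate-aware module asks for the chain and gets it.
        System.out.println("certificate request:   " + request(handler, new CertChainCallback()));
        // A name/password module asks for credentials this handler cannot supply.
        System.out.println("name/password request: "
                + request(handler, new NameCallback("User name: "),
                                   new PasswordCallback("Password: ", false)));
    }
}
```

When diagnosing this kind of setup, an `UnsupportedCallbackException` or the resulting `LoginException` in the server log is the sign that the module in the realm and the handler supplied by the connector do not speak the same callback types.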
