httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Manuela.Vora...@ssb.it
Subject Re: [users@httpd] Apache and client certs
Date Fri, 29 Dec 2006 12:18:16 GMT
Probably I've to modify my application if there is no other way to send 
all client certificate info to my application server via proxy reverse.

Actually the web application on WebSphere is using 
javax.net.ssl.peer_certificates and then it extracts the first OU field.

How can I display the entire content of my request (all the data I send to 
the application server with the header too)?
I've tried setting Loglevel debug in my webserver configuration file but 
in my log I cannot recognise such information.

Please let me know

ManuciaoThanks!


 



Christian Gottschalch <masro@llbc.de> 
28/12/2006 10.53
Please respond to
users@httpd.apache.org


To
users@httpd.apache.org
cc

Subject
Re: [users@httpd] Apache and client certs






if you use Apache Reverse Proxy, then SSL Session will be terminated at 
the Reverse Proxy and the SSL Authentication / verification is done by 
reverse proxy

to transport some certificate information to your WebSphere can use:

RequestHeader set "HTTP_USER_ID" %{SSL_CLIENT_S_DN_CN}e

The WebSphere Application now can authorize the user based on http 
header "HTTP_USER_ID", but your application must be able to.

You also may have a look at 
http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#forwardreverse

regards

Manuela.Vorazzo@ssb.it schrieb:
>
> Hello everyone!
> I've an apache 2.2 WebServer that is working as a reverse proxy for a 
> WebSphere application server that is on a separate machine.
>
> Now I have a web application that need an information that is included 
> in a client certificate field (OU).
>
> I would like to know if, with apache, is possible to obtain a 
> configuration where the webserver requires the client cert but doesn't 
> verify it and pass it to the application server that can verify it.
>
> I have such a configuration with IBM http Server. Here there is a 
> directive in the http server configuration file that let you specify 
> "passthrough" value for client cert.
>
>
> Please let me know!
>
> Thanks in advance
>
> Manuela Vorazzo
> 
> \ 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org



Mime
View raw message