tomcat-users mailing list archives

From "Craig R. McClanahan" <craig...@apache.org>
Subject Re: CLIENT-CERT and JDBCRealm
Date Sat, 24 Aug 2002 05:22:49 GMT


On Fri, 23 Aug 2002, Hendryx-Parker, Calvin wrote:

> Date: Fri, 23 Aug 2002 18:15:22 -0700
> From: "Hendryx-Parker, Calvin" <Calvin@Epylon.com>
> Reply-To: Tomcat Users List <tomcat-user@jakarta.apache.org>
> To: tomcat-user@jakarta.apache.org
> Subject: CLIENT-CERT and JDBCRealm
>
> I am working on setting up a protected service using tomcat 4.0.2 and
> wanted to use CLIENT-CERT as the auth-method and I have a JDBCRealm that
> works with the BASIC auth-method.  Everything is happy when I set
> clientAuth=true until I put a constraint on the resource and require a
> particular role.
>
> It looks like the tomcat server gets the cert chain just fine since I see
> it in the catalina_log as it prints the DN for each cert that it tries.  I
> have the DN for my cert in the users table and a corresponding entry in the
> roles table, but it never seems to match the user from what I see.  Is
> there a special way that the username or roles must be stored for it to
> match?
>

Yes ... the principal name from the first certificate in the chain must be
a username in your Realm for client-cert authentication to work.

> Thanks,
> Calvin

Craig



