tomcat-users mailing list archives

From "Craig R. McClanahan" <>
Subject Re: CLIENT-CERT and JDBCRealm
Date Sat, 24 Aug 2002 05:22:49 GMT

On Fri, 23 Aug 2002, Hendryx-Parker, Calvin wrote:

> Date: Fri, 23 Aug 2002 18:15:22 -0700
> From: "Hendryx-Parker, Calvin" <>
> Reply-To: Tomcat Users List <>
> To:
> Subject: CLIENT-CERT and JDBCRealm
> I am working on setting up a protected service using tomcat 4.0.2 and
> wanted to use CLIENT-CERT as the auth-method and I have a JDBCRealm that
> works with the BASIC auth-method.  Everything is happy when I set
> clientAuth=true until I put a constraint on the resource and require a
> particular role.
> It looks like the tomcat server gets the cert chain just fine since I see
> it in the catalina_log as it prints the DN for each cert that it tries.  I
> have the DN for my cert in the users table and a corresponding entry in the
> roles table, but it never seems to match the user from what I see.  Is
> there a special way that the username or roles must be stored for it to
> match?

Yes ... the principal name from the first certificate in the chain must be
a username in your Realm for client-cert authentication to work.

> Thanks,
> Calvin
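
Added example, not part of the original messages and not Tomcat code: a small Java check that prints a certificate subject in the string forms the JDK offers and compares each against the username stored in the realm, since a stored DN has to equal the principal name as a string. The class name, the sample DN and the exact-comparison model are assumptions; the thread does not say which rendering the container passes to the Realm, so compare against the DN printed in catalina_log.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.security.auth.x500.X500Principal;

public class DnUsernameCheck {

    // The same subject DN rendered in each string form the JDK offers.
    static Map<String, String> renderings(X500Principal subject) {
        Map<String, String> forms = new LinkedHashMap<>();
        forms.put("RFC2253", subject.getName(X500Principal.RFC2253));
        forms.put("RFC1779", subject.getName(X500Principal.RFC1779));
        forms.put("CANONICAL", subject.getName(X500Principal.CANONICAL));
        return forms;
    }

    public static void main(String[] args) throws Exception {
        X500Principal subject;
        String stored;
        if (args.length == 2) {
            // args[0]: client certificate file (PEM or DER)
            // args[1]: username exactly as stored in the realm's users table
            try (InputStream in = new FileInputStream(args[0])) {
                X509Certificate cert = (X509Certificate)
                        CertificateFactory.getInstance("X.509").generateCertificate(in);
                subject = cert.getSubjectX500Principal();
            }
            stored = args[1];
        } else {
            // Constructed sample values, not taken from the thread.
            subject = new X500Principal("CN=Calvin Example, OU=Engineering, O=Example Corp, C=US");
            stored = "CN=Calvin Example, OU=Engineering, O=Example Corp, C=US";
        }
        System.out.println("stored username: [" + stored + "]");
        for (Map.Entry<String, String> e : renderings(subject).entrySet()) {
            // Assumption: the lookup is an exact, case-sensitive string match,
            // so spacing after commas and letter case both matter.
            System.out.printf("%-9s [%s] exact match: %b%n",
                    e.getKey(), e.getValue(), e.getValue().equals(stored));
        }
    }
}
```

Run it with no arguments to see the constructed sample, or pass a certificate file and the stored username to check a real pair.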

