tomcat-users mailing list archives

From "Farrell, Patrick" <PFarr...@trusecure.com>
Subject RE: HELP! Client Authentication in Tomcat 4.1.24
Date Wed, 23 Jul 2003 19:13:22 GMT
Thanks,

I had seen the bug you are referring to, but didn't think that this was my
problem since I don't see that exception anywhere.  Is there anywhere that I
may look to find that exception just to ensure that this is truly my
problem?

Pat

-----Original Message-----
From: Jay Garala [mailto:JGarala@Conclusive.com]
Sent: Wednesday, July 23, 2003 1:44 PM
To: 'Tomcat Users List'
Subject: RE: HELP! Client Authentication in Tomcat 4.1.24


This is the part you were missing.  Unfortunately, the handling of Client
certs in the Jk-Coyote connector is broken in 4.1.24 (see
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=15790).

Wait for 4.1.26 or grab alpha from CVS

-----Original Message-----
From: Farrell, Patrick [mailto:PFarrell@trusecure.com]
Sent: Wednesday, July 23, 2003 1:02 PM
To: 'tomcat-user@jakarta.apache.org'
Subject: HELP! Client Authentication in Tomcat 4.1.24


I am attempting to use client certificate authentication with Tomcat 4.1.24,
but each time I connect via a browser (Internet Explorer) Tomcat indicates
that it is unable to authenticate with the provided credentials.  

My client certificate is a personal certificate from Thawte.  The
corresponding root certificate already exists in my truststore.  

Shown below is my tomcat-users.xml file.  

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="user" description="Authenticated User"/>
  <role rolename="manager" description="Tomcat Manager"/>
  <role rolename="admin" description="Tomcat Administrator"/>
  <user username="administrator" password="password" roles="admin,manager"/>
  <user username="EMAILADDRESS=pfarrell@trusecure.com, CN=Thawte Freemail Member" password="null" roles="user"/>
</tomcat-users>

Must I do anything with the client certificate in order for the server to
trust it, or does the server simply grab the DN from the certificate and
look in the realm for a user with the corresponding DN?  

Does anyone have any information or links on how to configure tomcat users
with client authentication?

Pat

***********************************************************************
This message is intended only for the use of the intended recipient and
may contain information that is PRIVILEGED and/or CONFIDENTIAL.  If you
are not the intended recipient, you are hereby notified that any use,
dissemination, disclosure or copying of this communication is strictly
prohibited.  If you have received this communication in error, please
destroy all copies of this message and its attachments and notify us
immediately.
***********************************************************************


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
