tomcat-users mailing list archives

From "Christopher Williams" <ccwillia...@ntlworld.com>
Subject SSL Client authentication: what goes in tomcat-users.xml?
Date Fri, 03 Oct 2003 17:42:44 GMT
Following the advice from this link
http://books.mcgraw-hill.com/betabooks/aug02/taylor/0072225653_ch10.html

I tried to get SSL client authentication to work by setting the following
entry in tomcat-users.xml:
<user username="CN=x, OU=y, O=z, L=a, S=b, C=c" password="" roles="user"/>

where x,y,z,etc. have real but unimportant values.  Evidently Tomcat somehow
matches the distinguished name from my certificate against an entry in the
users file, presumably to establish the user's role.  If it fails to make a
match, no authentication takes place which, I guess, is why I was able to
access protected pages but getUserPrincipal() was returning null.  However,
when I start Tomcat I get the error:
GlobalResourcesLifecycleListener: Exception creating UserDatabase MBeans for
UserDatabase
javax.management.MalformedObjectNameException: ObjectName: Invalid
(key,value) pair -> username=CN=x

So, what do I put in tomcat-users.xml to get client certificate
authentication to work?  Do I have to escape the '=' signs in some way?

TIA (as I really want to put this issue to bed),

Chris Williams.

P.S. If somebody tells me to "read the FAQ", please specify WHICH FAQ.  I've
read hundreds over the past few days trying to get to the bottom of
CLIENT-CERT auth.
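
The startup exception quoted in the message above is thrown by JMX while it builds an MBean name for the user. As an added example (not part of the original message and not Tomcat's own code), the following shows how `javax.management.ObjectName` treats a distinguished name as a key value. The `Users` domain and `type=User` key are assumptions for illustration; only the `username` key appears in the error text, and the DN is the placeholder from the post.

```java
import javax.management.MalformedObjectNameException;
import javax.management.ObjectName;

public class DnObjectNameDemo {
    // Placeholder DN in the same shape as the tomcat-users.xml entry in the post.
    static final String DN = "CN=x, OU=y, O=z, L=a, S=b, C=c";

    // Assumed name layout; the value is concatenated as-is, so any '=' or ','
    // inside it is parsed as part of the key property list.
    static String unquotedName(String user) {
        return "Users:type=User,username=" + user;
    }

    // Same layout, but the value is wrapped with ObjectName.quote(), which
    // lets '=' and ',' appear inside a single key value.
    static String quotedName(String user) {
        return "Users:type=User,username=" + ObjectName.quote(user);
    }

    // True if JMX accepts the string as an ObjectName.
    static boolean parses(String name) {
        try {
            new ObjectName(name);
            return true;
        } catch (MalformedObjectNameException e) {
            System.out.println("rejected: " + name + " -> " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // A simple login name needs no quoting.
        System.out.println("plain user  : " + parses(unquotedName("alice")));
        // The DN contains '=' and ',' and is rejected when unquoted.
        System.out.println("unquoted DN : " + parses(unquotedName(DN)));
        // The quoted form is accepted.
        System.out.println("quoted DN   : " + parses(quotedName(DN)));
        // The original DN is recoverable from the quoted key value.
        ObjectName on = new ObjectName(quotedName(DN));
        String back = ObjectName.unquote(on.getKeyProperty("username"));
        System.out.println("round trip  : " + back.equals(DN));
    }
}
```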
