From Dobson Paul L Contr 84 MSUG/GBMLBR <Paul.Dob...@HILL.af.mil>
Subject Client Authentication
Date Tue, 29 Nov 2005 16:29:09 GMT
I am having a tough time finding information on implementing client
authentication. When trying to access my site, I need the user to be
presented with a dialog box asking for a digital certificate. The
certificate needs to be validated, then bounced against a list of revoked
certificates. If it is valid and not revoked, the user should be allowed into
the site. I have SSL implemented and have modified my server.xml, setting
clientAuth="true". If I set it to true, I am quickly presented with the
Explorer page that says:

The page cannot be displayed

The page you are looking for is currently unavailable. The Web site might be
experiencing technical difficulties, or you may need to adjust your browser
settings.

If I set clientAuth="want", I am let into the site without being prompted
for a certificate.

I think it is automatically behaving as if a client certificate is not
available, without prompting for one (we are set up with ActivCard smart
cards and readers at all workstations).

I am using Tomcat 5.0 with j2sdk1.4.2_04 on Windows 2000 Server with SP4.

Here is my server.xml:

----------------------------------------------------------------------------

<?xml version='1.0' encoding='utf-8'?>
<Server>
  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"/>
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
  <GlobalNamingResources>
    <Environment name="simpleValue" type="java.lang.Integer" value="30"/>
    <Resource auth="Container" description="User database that can be updated and saved"
              name="UserDatabase" type="org.apache.catalina.UserDatabase"/>
    <ResourceParams name="UserDatabase">
      <parameter>
        <name>factory</name>
        <value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
      </parameter>
      <parameter>
        <name>pathname</name>
        <value>conf/tomcat-users.xml</value>
      </parameter>
    </ResourceParams>
  </GlobalNamingResources>
  <Service name="Catalina">
    <Connector acceptCount="100" connectionTimeout="20000"
               disableUploadTimeout="true" port="8080" redirectPort="8443">
    </Connector>
    <Connector port="8009" protocol="AJP/1.3"
               protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"
               redirectPort="8443">
    </Connector>
    <Connector acceptCount="100" clientAuth="false" debug="9"
               disableUploadTimeout="true" enableLookups="true"
               keystoreFile="C:\Program Files\Apache Group\Tomcat 5.0\SSL\keystore"
               maxProcessors="75" port="8443" scheme="https" secure="true"
               sslProtocol="TLS">
    </Connector>
    <Engine defaultHost="localhost" name="Catalina">
      <Host appBase="webapps" name="localhost">
        <Logger className="org.apache.catalina.logger.FileLogger"
                prefix="localhost_log." suffix=".txt" timestamp="true"/>
      </Host>
      <Logger className="org.apache.catalina.logger.FileLogger"
              prefix="catalina_log." suffix=".txt" timestamp="true"/>
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"/>
    </Engine>
  </Service>
</Server>

----------------------------------------------------------------------------

Any ideas on how I can get this set up correctly?

Thanks in advance for any help.

--Paul
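The post asks for two things beyond the TLS handshake itself: that the presented certificate be validated, and that it then be checked against a list of revoked certificates. The connector only covers the first part. With clientAuth="true" it requires a certificate that chains to a CA the JVM trusts (by default the JDK's cacerts, or whatever javax.net.ssl.trustStore points at), and when the browser cannot offer such a certificate the handshake fails and Internet Explorer typically shows exactly the generic "page cannot be displayed" error quoted above. Revocation checking against a CRL has to be done in the web application. The filter below is an added example written for this page, not code from the post or from Tomcat; the class name, the init-parameter names (caCertFile, crlFile) and the assumption that the CA publishes a single CRL file are all hypothetical. It reads the verified chain from the standard javax.servlet.request.X509Certificate attribute, confirms the leaf certificate is in its validity period and was issued by the expected CA, verifies the CRL's own signature, refuses to trust a CRL that is past its nextUpdate, and only then consults the revocation list.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

/**
 * Hypothetical servlet filter (not part of Tomcat) that rejects requests whose
 * client certificate is missing, expired, not from the expected CA, or revoked.
 *
 * Init parameters (assumed names):
 *   caCertFile - X.509 certificate (DER or PEM) of the CA that issues client certs
 *   crlFile    - the CRL published by that CA (DER or PEM)
 */
public class CrlCheckFilter implements Filter {

    private X509Certificate caCert;
    private X509CRL crl;

    public void init(FilterConfig config) throws ServletException {
        String caPath = config.getInitParameter("caCertFile");
        String crlPath = config.getInitParameter("crlFile");
        try {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            InputStream in = new FileInputStream(caPath);
            try {
                caCert = (X509Certificate) cf.generateCertificate(in);
            } finally {
                in.close();
            }
            in = new FileInputStream(crlPath);
            try {
                crl = (X509CRL) cf.generateCRL(in);
            } finally {
                in.close();
            }
            // A CRL is only worth consulting if the CA really signed it;
            // verify() throws when the signature does not check out.
            crl.verify(caCert.getPublicKey());
        } catch (Exception e) {
            throw new ServletException("CrlCheckFilter cannot start: " + e.getMessage(), e);
        }
    }

    public void doFilter(ServletRequest request, ServletResponse response,
                         FilterChain chain) throws IOException, ServletException {
        HttpServletResponse resp = (HttpServletResponse) response;
        // Tomcat publishes the chain it verified during the handshake under
        // this attribute; it is null when no client certificate was presented.
        X509Certificate[] certs = (X509Certificate[])
            request.getAttribute("javax.servlet.request.X509Certificate");
        String problem = check(certs, new Date());
        if (problem != null) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, problem);
            return;
        }
        chain.doFilter(request, response);
    }

    /** Returns null when the chain is acceptable, otherwise a short reason. */
    String check(X509Certificate[] certs, Date now) {
        if (certs == null || certs.length == 0) {
            return "client certificate required";
        }
        X509Certificate cert = certs[0]; // end-entity certificate comes first
        try {
            cert.checkValidity(now);
            // Re-check the issuer signature rather than relying on DN equality alone.
            cert.verify(caCert.getPublicKey());
        } catch (GeneralSecurityException e) {
            return "client certificate invalid: " + e.getMessage();
        }
        // Only the issuing CA's CRL can say anything about this certificate.
        if (!cert.getIssuerX500Principal().equals(crl.getIssuerX500Principal())) {
            return "client certificate not issued by the expected CA";
        }
        // Fail closed on a stale CRL instead of trusting an old revocation list.
        Date next = crl.getNextUpdate();
        if (next != null && next.before(now)) {
            return "revocation list is out of date";
        }
        if (crl.isRevoked(cert)) {
            return "client certificate has been revoked";
        }
        return null;
    }

    public void destroy() {
        caCert = null;
        crl = null;
    }
}
```

Register it in the web application's web.xml with a `<filter>` element naming the class and the two init parameters, and a `<filter-mapping>` whose url-pattern covers everything that must require a card (`/*` for the whole site). It only sees a certificate once the connector has been set to clientAuth="true" and the JVM's truststore contains the CA that issues the smart-card certificates; with clientAuth="want" and no matching CA the browser is never asked, which matches the behaviour described in the post. Because the filter fails closed whenever the CRL cannot be loaded, verified, or is stale, the CRL file needs to be refreshed (and the application restarted or the filter reloaded) before each nextUpdate date.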

