tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gary Briggs <>
Subject SSL with Form Fallback on Tomcat 7 or 8
Date Fri, 07 Feb 2014 06:32:47 GMT

I've been reading this page:
I'm currently using Tomcat 7 on Linux. In short, Neither of the bits
of code linked on that page work for me but the thing described in the
title is what I desire.

I have client certificate authentication working fully within my needs,
but I'm looking for a fallback so I can support allow users without one of
the appropriate smart cards being able to get in. BasicAuth would also
be fine for this project, although I'd much rather it were a form.

Additionally, I'm unclear on what the purpose of "optional" is on the
clientAuth parameter of a Connector,if it's not for the purpose of
some other fallback authentication mechanism to work. Maybe it's just
implemented because it's integral to the TLS implementation?

Another option is to configure the trust store appropriately, then
self-sign certificates and pass them out. That's still a little hostile
to the users that don't have smartcards in the first place; I have my
Realm hitting up an LDAP server with a username-pass tuple that
non-smartcard-wielding users already have an account on.

Any suggestions or direction would be greatly appreciated; fundamentally,
I have an app, using container security to keep it safe. Most users
will use smartcards to secure a client cert TLS, but not all users have
those smartcards.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message