tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Violeta Georgieva <miles...@gmail.com>
Subject Re: userfriendly failed client authentification
Date Fri, 08 May 2015 06:28:06 GMT
Hello,

2015-05-07 20:54 GMT+03:00 Johannes <jotpe@posteo.de>:
>
>
>
> Hello.
>
> I'm using Tomcat 7.0.with Java 7.0.
> I'm trying to create a webapp with needs a client certifiacte
> authentification.
> Normal client certifiacte authentfication works well and I can compute
> the desired certificate data. The clientauth parameter in the https
> connector is set to false. In my webapp is a security-constraint
> registred for a url space, like  /secure/*.
>
> If authentifications fails, a ugly browser error page occurs. A new
> authentification try can only be attempt after reopen the browser.
>
> I already noticed setting server wide clientauth to "want", I receive a
> tomcat 401 http error page (which can be customized) if no client
> certificate was found on a protected resource. But entering a bad
> passphrase shows a ugly browser error page again.
>
> Is there a way to deal with that? I believe the user acceptance will be
> low with that behavior.

Consider providing your own error pages thus you can setup them with you
company branding.

Best Regards,
Violeta

> Best regards Johannes.
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message