tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Violeta Georgieva <>
Subject Re: userfriendly failed client authentification
Date Fri, 08 May 2015 06:28:06 GMT

2015-05-07 20:54 GMT+03:00 Johannes <>:
> Hello.
> I'm using Tomcat 7.0.with Java 7.0.
> I'm trying to create a webapp with needs a client certifiacte
> authentification.
> Normal client certifiacte authentfication works well and I can compute
> the desired certificate data. The clientauth parameter in the https
> connector is set to false. In my webapp is a security-constraint
> registred for a url space, like  /secure/*.
> If authentifications fails, a ugly browser error page occurs. A new
> authentification try can only be attempt after reopen the browser.
> I already noticed setting server wide clientauth to "want", I receive a
> tomcat 401 http error page (which can be customized) if no client
> certificate was found on a protected resource. But entering a bad
> passphrase shows a ugly browser error page again.
> Is there a way to deal with that? I believe the user acceptance will be
> low with that behavior.

Consider providing your own error pages thus you can setup them with you
company branding.

Best Regards,

> Best regards Johannes.

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message