if you use Apache Reverse Proxy, then SSL Session will be terminated at
the Reverse Proxy and the SSL Authentication / verification is done by
reverse proxy
to transport some certificate information to your WebSphere can use:
RequestHeader set "HTTP_USER_ID" %{SSL_CLIENT_S_DN_CN}e
The WebSphere Application now can authorize the user based on http
header "HTTP_USER_ID", but your application must be able to.
You also may have a look at
http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#forwardreverse
regards
[EMAIL PROTECTED] schrieb:
Hello everyone!
I've an apache 2.2 WebServer that is working as a reverse proxy for a
WebSphere application server that is on a separate machine.
Now I have a web application that need an information that is included
in a client certificate field (OU).
I would like to know if, with apache, is possible to obtain a
configuration where the webserver requires the client cert but doesn't
verify it and pass it to the application server that can verify it.
I have such a configuration with IBM http Server. Here there is a
directive in the http server configuration file that let you specify
"passthrough" value for client cert.
Please let me know!
Thanks in advance
Manuela Vorazzo
\
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
