Yes, this is exactly what I want, and I have seen this manual too. But how do I specify a different clientAuth= for different Contexts? I found "SSL Authenticator Valve" <http://tomcat.apache.org/tomcat-7.0-doc/config/valve.html#SSL_Authenticator_Valve> but there is nothing about how to do it... And I don't see any possibility to do it with any other Context options <http://tomcat.apache.org/tomcat-7.0-doc/config/context.html#Context_Parameters>...

2014-02-04 André Warnier <a...@ice-sa.com>:

> Арсений Зинченко wrote:
>
>> Hi.
>>
>> Task is - have ability to use HTTP/HTTPS without clientAuth for ROOT, but
>> enable two-factor auth (clientAuth="true" and using trustedstore.jks) for
>> other Context.
>>
>> Can somebody please give any tips?
>
> I don't know much about SSL, but isn't the answer right here ?
>
> http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support
>
> clientAuth
>
> Set to true if you want the SSL stack to require a valid certificate chain
> from the client before accepting a connection. Set to want if you want the
> SSL stack to request a client Certificate, but not fail if one isn't
> presented. A false value (which is the default) will not require a
> certificate chain unless the client requests a resource protected by a
> security constraint that uses CLIENT-CERT authentication.
>
> If I understand the above correctly, then setting clientAuth="false" in
> the Connector, and then requesting a CLIENT-CERT authentication only in
> your "other Context", should do the trick, no ?
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org