The plan is to bypass the sign on page when tomcat is configured to use
client authentication.
So if my sign on servlet gets invoked, AND clientAuth=true, I won't
display the sign on page, but take another path. I'll have more work to
do to actually log the user in, but it'll be by using the certificate
used in the TLS/SSL connection through RACF on a z/OS mainframe running
Tomcat under USS (Unix System Services).
This is a one-off configuration for a client demanding smart card ONLY
log in. All other installations of the product use a normal log in page
for sign on; not a smart card.
I'm no Tomcat expert, so if there is another way to determine if
clientAuth=true, that would work, too.
Jerry
On 12/17/2015 3:42 PM, Mark Thomas wrote:
On 17/12/2015 21:32, Jerry Lampi wrote:
Specifically, I need to know if the value of clientAuth in the Connector
for port 443 is set to true.
Here is my connector:
<Connector
port="443"
clientAuth="true"
scheme="https"
secure="true"
SSLEnabled="true"
maxThreads="200"
protocol="org.apache.coyote.http11.Http11NioProtocol"
useSendfile="false"
.
.
.
/>
So at runtime, can I read the value of clientAuth?
Yes, if you go via JMX.
Why do you want to do this?
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---
avast! Antivirus: Inbound message clean.
Virus Database (VPS): 151217-1, 12/17/2015
Tested on: 12/17/2015 3:43:08 PM
avast! - copyright (c) 1988-2015 AVAST Software.
https://www.avast.com/antivirus
---
avast! Antivirus: Outbound message clean.
Virus Database (VPS): 151217-1, 12/17/2015
Tested on: 12/17/2015 4:50:31 PM
avast! - copyright (c) 1988-2015 AVAST Software.
https://www.avast.com/antivirus
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org