On 08/10/2019 19:52, John Beaulaurier -X (jbeaulau - ADVANCED NETWORK INFORMATION INC at Cisco) wrote:
> Hi Mark,
>
> How are you configuring TLS for the Connector?
>
> <Connector port="8443"
>            scheme="https"
>            secure="true"
>            protocol="org.apache.coyote.http11.Http11AprProtocol"
>            SSLEnabled="true"
>            SSLCertificateFile="/certs/foo.crt"
>            SSLCertificateKeyFile="/certs/foo.key"
>            maxThreads="150"
>            clientAuth="false"
>            SSLProtocol="all" />
>
> How are you configuring TLS for LDAP?
>
> Do you mean inside Tomcat?

Yes. Or is the authentication happening in httpd?

Mark

>
> Thanks
> -John
>
> -----Original Message-----
> From: Mark Thomas <ma...@apache.org>
> Sent: Tuesday, October 8, 2019 11:07 AM
> To: users@tomcat.apache.org
> Subject: Re: Tomcat 7 HTTPS and LDAP authentication issue
>
> On 08/10/2019 18:55, John Beaulaurier -X (jbeaulau - ADVANCED NETWORK INFORMATION INC at Cisco) wrote:
>> Hello,
>>
>> We have an application running on Tomcat 7.0.96. The application
>> handles authentication by accessing an internal LDAPS host by using
>> credentials, a keystore, and the LDAPS hostname and port from an
>> external file from the application and from Tomcat. This works with no
>> issues, until I enable HTTPS in Tomcat. Once I see sessions are encrypted,
>> users can no longer log on to the application. When I disable HTTPS the users
>> can again authenticate in the application. We do have an Apache reverse
>> proxy for the application, but when Tomcat HTTPS is enabled I need to use
>> https://hostname:8443/foo to get to the application login screen and not
>> just https://hostname/foo.
>> With HTTPS disabled I can access the application with
>> http://hostname/foo. That's obviously a config issue I need to address, but
>> would that be why the authentication process would be broken when HTTPS is
>> enabled?
>
> How are you configuring TLS for LDAP?
>
> How are you configuring TLS for the Connector?
>
> I suspect that something somewhere is using the JVM wide TLS configuration
> properties when it should be using LDAP / Tomcat Connector specific settings?
>
> Mark
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
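
One way to give an LDAPS connection its own trust settings rather than inheriting the JVM-wide `javax.net.ssl.*` properties, which is the distinction raised in the thread. This is an added example, not code from the thread or from Tomcat; the class name and the `ldap.truststore.path` / `ldap.truststore.password` property names are hypothetical, and both properties are assumed to be set.

```java
import java.io.*;
import java.net.*;
import java.security.KeyStore;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.InitialDirContext;
import javax.net.SocketFactory;
import javax.net.ssl.*;

// Added example: LDAPS-only trust settings, independent of the JVM-wide javax.net.ssl.* properties.
public class LdapTlsSocketFactory extends SSLSocketFactory {
    private final SSLSocketFactory delegate;
    public LdapTlsSocketFactory() throws Exception {
        // Hypothetical property names; the thread only says the keystore is named in an external file.
        String path = System.getProperty("ldap.truststore.path");
        char[] pass = System.getProperty("ldap.truststore.password", "").toCharArray();
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) { ts.load(in, pass); }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key; server trust comes from this store only
        delegate = ctx.getSocketFactory();
    }

    // The JNDI LDAP provider obtains the factory by calling this static method on the named class.
    public static SocketFactory getDefault() {
        try { return new LdapTlsSocketFactory(); } catch (Exception e) { throw new IllegalStateException(e); }
    }
    @Override public String[] getDefaultCipherSuites() { return delegate.getDefaultCipherSuites(); }
    @Override public String[] getSupportedCipherSuites() { return delegate.getSupportedCipherSuites(); }
    @Override public Socket createSocket() throws IOException { return delegate.createSocket(); }
    @Override public Socket createSocket(Socket s, String h, int p, boolean close) throws IOException { return delegate.createSocket(s, h, p, close); }
    @Override public Socket createSocket(String h, int p) throws IOException { return delegate.createSocket(h, p); }
    @Override public Socket createSocket(String h, int p, InetAddress l, int lp) throws IOException { return delegate.createSocket(h, p, l, lp); }
    @Override public Socket createSocket(InetAddress a, int p) throws IOException { return delegate.createSocket(a, p); }
    @Override public Socket createSocket(InetAddress a, int p, InetAddress l, int lp) throws IOException { return delegate.createSocket(a, p, l, lp); }

    public static void main(String[] args) throws Exception {
        // Report JVM-wide TLS settings that any JSSE client in the process would otherwise inherit.
        for (String k : new String[] {"javax.net.ssl.keyStore", "javax.net.ssl.trustStore"})
            System.out.println(k + " = " + System.getProperty(k, "(not set)"));
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, args[0]); // e.g. ldaps://ldap.example.internal:636 (placeholder host)
        env.put("java.naming.ldap.factory.socket", LdapTlsSocketFactory.class.getName());
        new InitialDirContext(env).close(); // opens the connection; throws if the handshake or trust check fails
        System.out.println("LDAPS connection succeeded using the LDAP-specific truststore");
    }
}
```

Running it with the two `-Dldap.truststore.*` properties and an `ldaps://` URL as the argument shows whether the LDAPS side works regardless of what the JVM-wide properties contain.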