Hello, I am trying to implement a custom client certificate authentication that does some complicated LDAP lookups in the background and gives an authenticated value with request.getRemoteUser() back to the applications. Peeking through the jcifs source, I chose to implement a filter. This works, but I'd like to limit the areas where the Tomcat SSL connector asks for SSL client authentication. I configured the connector with clientAuth="false" and tried to force SSL client authentication within the application's web.xml with:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Zugriffsschutz</web-resource-name>
    <url-pattern>/secure/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>CLIENT-CERT</auth-method>
</login-config>

But this does not make the connector ask for a client certificate. How do I make the connector ask for it? (clientAuth="true" in the connector's configuration works, but limits the access of all pages to users that have client certs.) I'm using Tomcat 5.5.20.

Regards,
Alexander Jung