"Shuwen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Hi,
> I would like to find out how to configure client authentication when
> enabling tomcat to run on https. From
> http://tomcat.apache.org/tomcat-5.0-doc/ssl-howto.html, it says that
>
> *******************
> For using clientAuth on a per-user or per-session basis, check out the
> tips in Bugzilla 34643.
> ******************
> Does it mean that if I would like to configure client authentication, I
> need to patch the .java file on
> http://issues.apache.org/bugzilla/show_bug.cgi?id=34643?
>
This is mostly about "advanced topics" (e.g. adding users on the fly,
allowing the webapp to validate the cert). Most people get by with putting:
<login-config>
<auth-method>CLIENT-CERT</auth-method>
</login-config>
in their web.xml file, and configuring the truststore* attributes on the
<Connector /> in server.xml.
Note, if you apply the patch in 34643, then you are requiring your webapp to
autherise access to resources based on the client cert.
> I have found various sources on internet regarding the issue. Can
> anyone recommend a reliable way or point me to the reference for
> configuring client authentication?
>
>
>
> Thanks a lot in advance,
>
> Shuwen
>
>
> ---------------------------------
> Fussy? Opinionated? Impossible to please? Perfect. Join Yahoo!'s user
> panel and lay it on us.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
