Nicolas-
Did you configure with JAAS?
Are you using 5.5 TC?
http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html#JAASRealm

Regards,
Martin

> Date: Fri, 4 Jan 2008 16:52:31 -0500
> From: [EMAIL PROTECTED]
> To: users@tomcat.apache.org
> Subject: Problems with HTTPS Mutual authentication with big petitions
>
> Hello, I'm running into problems when I try to configure tomcat to
> validate the client by its https cert with big requests. I'm using it
> with forms and when I send the form to the server with big
> (10-15Kbytes) requests it fails, but when I send small (90 bytes)
> requests it works.
>
> I have on the web.xml a security constraint:
> <security-constraint>
>   <web-resource-collection>
>     <web-resource-name>Mutual auth</web-resource-name>
>     <url-pattern>/page1.htm</url-pattern>
>     <url-pattern>/page2.htm</url-pattern>
>   </web-resource-collection>
>   <auth-constraint>
>     <role-name>clientHttpsRole</role-name>
>   </auth-constraint>
>   <user-data-constraint>
>     <transport-guarantee>
>       CONFIDENTIAL
>     </transport-guarantee>
>   </user-data-constraint>
> </security-constraint>
> <login-config>
>   <auth-method>CLIENT-CERT</auth-method>
> </login-config>
>
> <security-role>
>   <role-name>clientHttpsRole</role-name>
> </security-role>
>
> and I created the user:
> <user username="CN=WHATEVER" password="null" roles="clientHttpsRole"/>
>
> Here is the snip with the https connector of the server.xml:
> <Connector port="8443"
>   maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>   enableLookups="false" disableUploadTimeout="true"
>   acceptCount="100" debug="0" scheme="https" secure="true"
>   clientAuth="false" sslProtocol="TLS" keystoreType="JKS"
>   keystoreFile="keystore" keystorePass="password"
>   truststoreFile="keystore" truststorePass="password"/>
>
> What makes me worry is that it works fine when I set the https connector
> with clientAuth="true".
>
> --
> Sincerely,
> Nicolás Velásquez O.
> Bogotá, Colombia