Greetings fellow Tomcat-ers:

I'm trying to enable client certificate authentication on a per-webapp
basis using Tomcat 6.0.24.  According to the various sources of
documentation I've found, this should be possible by enabling the SSL
Connector (which I've done), getting client certificate authentication
working for the Connector (this works for me), then setting
clientAuth="false" on the Connector and placing the following in the
webapp's web.xml:

    <login-config>
        <auth-method>CLIENT-CERT</auth-method>
    </login-config>

I've tried various combinations of security constraints, roles,
realms, etc. but can never get the CLIENT-CERT authentication to work
for my webapp.  As I mentioned above, all is fine if I set
clientAuth="true" but I don't want to impose client certificate
authentication across the whole site.

Searching the archives, I ran across bug 46950
(https://issues.apache.org/bugzilla/show_bug.cgi?id=46950) which looks
to describe my very problem.  However, the bug is marked "fixed" as of
6.0.21 (I'm using 6.0.24) and I am not seeing the correct behavior.
Furthermore, the issue was reported against the APR Connector and I'm
using the default flavor (which, according to one of the answering
developers, works for him).

Can anyone tell me what's going on here?

Thank you!
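
The setup described in the message, written out in full as an added example (it is not the poster's configuration and not the Tomcat project's own sample). The role name, URL pattern, keystore paths, passwords and certificate DN are constructed placeholders, and the user entry assumes the stock UserDatabaseRealm backed by conf/tomcat-users.xml.

```xml
<!-- conf/server.xml: HTTPS connector. With clientAuth="false" no certificate
     is demanded when the connection is opened. Store paths and passwords
     are constructed placeholders. -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           scheme="https" secure="true" sslProtocol="TLS"
           clientAuth="false"
           keystoreFile="conf/server.jks" keystorePass="changeit"
           truststoreFile="conf/trusted-clients.jks" truststorePass="changeit"/>

<!-- WEB-INF/web.xml of the one webapp that should require a certificate.
     CLIENT-CERT is only applied to requests that match a security-constraint
     carrying an auth-constraint, so the login-config alone protects nothing. -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Certificate-protected area</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>certuser</role-name>  <!-- hypothetical role name -->
    </auth-constraint>
    <user-data-constraint>
        <!-- Keep the protected URLs on the SSL connector. -->
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<login-config>
    <auth-method>CLIENT-CERT</auth-method>
</login-config>

<security-role>
    <role-name>certuser</role-name>
</security-role>

<!-- conf/tomcat-users.xml: the realm looks the user up by the certificate's
     subject DN, so the username must match that DN string exactly.
     The DN below is constructed; the password is unused for CLIENT-CERT. -->
<user username="CN=Example Client, OU=Test, O=Example Org, C=US"
      password="null" roles="certuser"/>
```

Other webapps on the same connector that declare no such constraint stay reachable without a certificate, which is the per-webapp behaviour the message is after.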
