Hello,
I'm trying to configure client authentication in Tomcat 7 on Windows 7. I have
the following connector in the server.xml:
<Connector port="443"
protocol="HTTP/1.1"
SSLEnabled="true"
maxThreads="150"
scheme="https"
secure="true"
keystoreFile="d:\certs\server_cert.jks"
keystorePass="changeit"
truststoreFile="d:\certs\truststore.jks"
truststorePass="changeit"
clientAuth="true"
sslProtocol="TLS" />
In my web.xml I have the following :
<login-config>
<auth-method>CLIENT-CERT</auth-method>
<realm-name>PKI Enabled App</realm-name>
</login-config>
This forces client authentication when I try to access the app using a browser
and when I provide a trusted certificate, I'm able get authenticated. After
the authentication I was expecting to get the client certificate information in
the session, but I get nothing. How do I pass the Common Name from the subject
line of the client certificate to the server during authentication so that I
can access it from a struts action?
Thanks in advance.
