Thanks so much. I was just dumping session in psi-probe. I didn't think to look in the request. I get exactly what I need when I us request.getAttribute(org.apache.catalina.Globals.CERTIFICATES_ATTR). Thanks again!
-----Original Message----- From: Pid [mailto:p...@pidster.com] Sent: Monday, February 06, 2012 12:20 PM To: Tomcat Users List Subject: Re: Client Authentication--getting certificate information on the server side On 06/02/2012 17:01, Sanjeev Sharma wrote: > Hello, > > I'm trying to configure client authentication in Tomcat 7 on Windows 7. I > have the following connector in the server.xml: > > <Connector port="443" > protocol="HTTP/1.1" > SSLEnabled="true" > maxThreads="150" > scheme="https" > secure="true" > keystoreFile="d:\certs\server_cert.jks" > keystorePass="changeit" > truststoreFile="d:\certs\truststore.jks" > truststorePass="changeit" > clientAuth="true" > sslProtocol="TLS" /> > > In my web.xml I have the following : > > <login-config> > <auth-method>CLIENT-CERT</auth-method> > <realm-name>PKI Enabled App</realm-name> > </login-config> > > This forces client authentication when I try to access the app using a > browser and when I provide a trusted certificate, I'm able get authenticated. > After the authentication I was expecting to get the client certificate > information in the session, but I get nothing. How do I pass the Common Name > from the subject line of the client certificate to the server during > authentication so that I can access it from a struts action? > > Thanks in advance. There are a number of variables (javax.servlet.request.ssl*) available in the *request* rather than the session. Which ones are you trying to access? There's a list of various relevant things here: http://svn.apache.org/repos/asf/tomcat/trunk/java/org/apache/catalina/Globals.java p -- [key:62590808]
