Hi Lopez,
Can you detail your "manual" identification?
Luciano
-----Messaggio originale-----
Da: Lopez Esteban [mailto:[EMAIL PROTECTED]]
Inviato: martedì 3 ottobre 2000 21.53
A: Orion-Interest
Oggetto: RE: Client certificate authentication
I don't solve the 403 problem yet, but I can identify users using
client certificates. I accept or not the user.
If you are interested in this "manual" identification I can explain
you more.
> -----Mensaje original-----
> De: Montebove Luciano [SMTP:[EMAIL PROTECTED]]
> Enviado el: Martes, 03 de Octubre de 2000 04:59 a.m.
> Para: Orion-Interest
> Asunto: R: Client certificate authentication
>
> I can help you partially. I had the same 403 Forbidden problem and I'm
> waiting for a response from official support (5 days).
> For the Cert ID use the sample page ssl-user-registration.jsp in demo SSL.
> It will show the cert id you are looking for.
> If you solve the 403 problem tell me.
>
> ¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤øø
> Luciano Montebove - Software Architect - Finsiel S.p.a
> E-mail: [EMAIL PROTECTED] Phone: (+39) 06-4142-7663
> "If you don't fail now and again, it's a sign you're playing it safe"
> -W. Allen
> ¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤øø
>
>
>
> -----Messaggio originale-----
> Da: Lopez Esteban [mailto:[EMAIL PROTECTED]]
> Inviato: lunedì 2 ottobre 2000 14.57
> A: Orion-Interest
> Oggetto: Client certificate authentication
>
>
> Hi
>
> I need to authenticate clients with digital certificates, I have a
> VeriSign
> trial client certificate and I'm using IE 5.0. The certificate is well
> installed in IE.
> I'm working with Orion 1.2.9 and HTTPS. I'm using
> <auth-method>CLIENT-CERT</auth-method> in de login config of WEB.XML file.
> When I connect to the WEB site I see the follow error:
> 403 Forbidden
> Your cert's user does not have access to this resource
>
> Please, anybody could help me about this?
>
> Note: In the PRINCIPAL.XML file when I set the user that has a certificate
> I
> do the follow:
>
> <user username="A name here">
> <description>no description</description>
> <certificate-issuer>CN = VeriSign Class 1 CA
> Individual Subscriber-Persona Not Validated, OU =
> www.verisign.com/repository/RPA Incorp. By Ref.,LIAB.LTD(c)98, OU =
> VeriSign
> Trust Network, O = VeriSign, Inc.</certificate-issuer>
> <certificate-serial-id>I don't
> know</certificate-serial-id>
> <group-membership group="users"/>
> <group-membership group="guests"/>
> </user>
>
> In <certificate-serial-id> tag I've an hexa number and when I put this
> serial number in it, the Orion throws the follow exception:
> java.lang.NumberFormatException: 297D6F02EA75C1
> at java.lang.Long.parseLong(Unknown Source)
> at java.math.BigInteger.<init>(Unknown Source)
> at java.math.BigInteger.<init>(Unknown Source)
> at com.evermind.server.gs.<init>(JAX)
> at com.evermind.server.XMLUserManager.ajf(JAX)
> at com.evermind.server.XMLUserManager.ajd(JAX)
> at com.evermind.server.XMLUserManager.bw(JAX)
> at com.evermind.xml.XMLConfig.br(JAX)
> at com.evermind.xml.XMLConfig.ax(JAX)
> at com.evermind.xml.XMLConfig.ax(JAX)
> at com.evermind.xml.XMLConfig.update(JAX)
> at com.evermind.server.gw.run(JAX)
> at com.evermind.util.g.run(JAX)
> at com.evermind.util.f.run(JAX)
>
> What serial number I must to put in this tag?
>
> Thanks, Esteban
>
