Hi Esteban,
I already put the lines you added to your web.xml file (as the user if I use
BASIC authentication works fine) but I have the same 403 problem.
Could you send me your actual configuration for principals.xml and web.xml?
Can you attach also the response you get from ssl-user-registration.jsp?
When I call this page I can't see the username (could it be the problem?)
In general I can't understand why I need a username and password when using
Client certificate authentication and how I have to use them.
Thanks,
Luciano
-----Messaggio originale-----
Da: Lopez Esteban [mailto:[EMAIL PROTECTED]]
Inviato: venerdì 6 ottobre 2000 20.58
A: Orion-Interest
Cc: [EMAIL PROTECTED]
Oggetto: RE: Client certificate authentication
Hi Luciano:
I could fix the 403 Forbidden problem!!! It's easy:
In the WEB.XML file you must do anything like this:
<security-constraint>
<web-resource-collection>
<web-resource-name>MySecurity</web-resource-name>
<url-pattern>/servlet/MainMenu</url-pattern>
<http-method>*</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>users</role-name>
</auth-constraint>
</security-constraint>
I I had forgotten to put:
<auth-constraint>
<role-name>users</role-name>
</auth-constraint>
and then no Role cuold have access.
Remember that in the WEB.XML we need to map the "users" Role:
<security-role>
<description></description>
<role-name>users</role-name>
</security-role>
I hope this help you.
Esteban Lopez
> -----Original Message-----
> From: Montebove Luciano [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, October 04, 2000 4:55 AM
> To: Orion-Interest
> Cc: [EMAIL PROTECTED]
> Subject: Re: Client certificate authentication
>
> Hi Lopez,
>
> Can you detail your "manual" identification?
>
> Luciano
>
> -----Messaggio originale-----
> Da: Lopez Esteban [mailto:[EMAIL PROTECTED]]
> Inviato: martedì 3 ottobre 2000 21.53
> A: Orion-Interest
> Oggetto: RE: Client certificate authentication
>
>
>
> I don't solve the 403 problem yet, but I can identify users using
> client certificates. I accept or not the user.
> If you are interested in this "manual" identification I can explain
> you more.
>
> > -----Mensaje original-----
> > De: Montebove Luciano [SMTP:[EMAIL PROTECTED]]
> > Enviado el: Martes, 03 de Octubre de 2000 04:59 a.m.
> > Para: Orion-Interest
> > Asunto: R: Client certificate authentication
> >
> > I can help you partially. I had the same 403 Forbidden problem and I'm
> > waiting for a response from official support (5 days).
> > For the Cert ID use the sample page ssl-user-registration.jsp in demo
> SSL.
> > It will show the cert id you are looking for.
> > If you solve the 403 problem tell me.
> >
> > ¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤øø
> > Luciano Montebove - Software Architect - Finsiel S.p.a
> > E-mail: [EMAIL PROTECTED] Phone: (+39) 06-4142-7663
> > "If you don't fail now and again, it's a sign you're playing it safe"
> > -W. Allen
> > ¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤øø
> >
> >
> >
> > -----Messaggio originale-----
> > Da: Lopez Esteban [mailto:[EMAIL PROTECTED]]
> > Inviato: lunedì 2 ottobre 2000 14.57
> > A: Orion-Interest
> > Oggetto: Client certificate authentication
> >
> >
> > Hi
> >
> > I need to authenticate clients with digital certificates, I have a
> > VeriSign
> > trial client certificate and I'm using IE 5.0. The certificate is well
> > installed in IE.
> > I'm working with Orion 1.2.9 and HTTPS. I'm using
> > <auth-method>CLIENT-CERT</auth-method> in de login config of WEB.XML
> file.
> > When I connect to the WEB site I see the follow error:
> > 403 Forbidden
> > Your cert's user does not have access to this resource
> >
> > Please, anybody could help me about this?
> >
> > Note: In the PRINCIPAL.XML file when I set the user that has a
> certificate
> > I
> > do the follow:
> >
> > <user username="A name here">
> > <description>no description</description>
> > <certificate-issuer>CN = VeriSign Class 1 CA
> > Individual Subscriber-Persona Not Validated, OU =
> > www.verisign.com/repository/RPA Incorp. By Ref.,LIAB.LTD(c)98, OU =
> > VeriSign
> > Trust Network, O = VeriSign, Inc.</certificate-issuer>
> > <certificate-serial-id>I don't
> > know</certificate-serial-id>
> > <group-membership group="users"/>
> > <group-membership group="guests"/>
> > </user>
> >
> > In <certificate-serial-id> tag I've an hexa number and when I put this
> > serial number in it, the Orion throws the follow exception:
> > java.lang.NumberFormatException: 297D6F02EA75C1
> > at java.lang.Long.parseLong(Unknown Source)
> > at java.math.BigInteger.<init>(Unknown Source)
> > at java.math.BigInteger.<init>(Unknown Source)
> > at com.evermind.server.gs.<init>(JAX)
> > at com.evermind.server.XMLUserManager.ajf(JAX)
> > at com.evermind.server.XMLUserManager.ajd(JAX)
> > at com.evermind.server.XMLUserManager.bw(JAX)
> > at com.evermind.xml.XMLConfig.br(JAX)
> > at com.evermind.xml.XMLConfig.ax(JAX)
> > at com.evermind.xml.XMLConfig.ax(JAX)
> > at com.evermind.xml.XMLConfig.update(JAX)
> > at com.evermind.server.gw.run(JAX)
> > at com.evermind.util.g.run(JAX)
> > at com.evermind.util.f.run(JAX)
> >
> > What serial number I must to put in this tag?
> >
> > Thanks, Esteban
> >