Hi Luciano:
I could fix the 403 Forbidden problem!!! It's easy:
In the WEB.XML file you must do something like this:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>MySecurity</web-resource-name>
    <url-pattern>/servlet/MainMenu</url-pattern>
    <http-method>*</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>users</role-name>
  </auth-constraint>
</security-constraint>
I had forgotten to put:
<auth-constraint>
  <role-name>users</role-name>
</auth-constraint>
and then no Role could have access.
Remember that in the WEB.XML we need to map the "users" Role:
<security-role>
  <description></description>
  <role-name>users</role-name>
</security-role>
I hope this helps you.
Esteban Lopez
-Original Message-
From: Montebove Luciano [SMTP:[EMAIL PROTECTED]]
Sent: Wednesday, October 04, 2000 4:55 AM
To: Orion-Interest
Cc: [EMAIL PROTECTED]
Subject: Re: Client certificate authentication
Hi Lopez,
Can you detail your "manual" identification?
Luciano
-Original Message-
From: Lopez Esteban [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 3, 2000 21.53
To: Orion-Interest
Subject: RE: Client certificate authentication
I haven't solved the 403 problem yet, but I can identify users using
client certificates. I accept the user or not.
If you are interested in this "manual" identification I can explain
more to you.
-Original Message-
From: Montebove Luciano [SMTP:[EMAIL PROTECTED]]
Sent: Tuesday, October 03, 2000 04:59 a.m.
To: Orion-Interest
Subject: R: Client certificate authentication
I can help you partially. I had the same 403 Forbidden problem and I'm
waiting for a response from official support (5 days).
For the Cert ID use the sample page ssl-user-registration.jsp in demo
SSL.
It will show the cert id you are looking for.
If you solve the 403 problem tell me.
¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤øø
Luciano Montebove - Software Architect - Finsiel S.p.a
E-mail: [EMAIL PROTECTED] Phone: (+39) 06-4142-7663
"If you don't fail now and again, it's a sign you're playing it safe"
-W. Allen
¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤øø
-Original Message-
From: Lopez Esteban [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 2, 2000 14.57
To: Orion-Interest
Subject: Client certificate authentication
Hi
I need to authenticate clients with digital certificates. I have a
VeriSign trial client certificate and I'm using IE 5.0. The certificate
is well installed in IE.
I'm working with Orion 1.2.9 and HTTPS. I'm using
<auth-method>CLIENT-CERT</auth-method> in the login config of the
WEB.XML file.
When I connect to the WEB site I see the following error:
403 Forbidden
Your cert's user does not have access to this resource
Please, could anybody help me with this?
Note: In the PRINCIPAL.XML file, when I set the user that has a
certificate, I do the following:
<user username="A name here">
  <description>no description</description>
  <certificate-issuer>CN = VeriSign Class 1 CA Individual Subscriber-Persona Not Validated, OU = www.verisign.com/repository/RPA Incorp. By Ref.,LIAB.LTD(c)98, OU = VeriSign Trust Network, O = VeriSign, Inc.</certificate-issuer>
  <certificate-serial-id>I don't know</certificate-serial-id>
  <group-membership group="users"/>
  <group-membership group="guests"/>
</user>
For the certificate-serial-id tag I have a hex number, and when I put this
serial number in it, Orion throws the following exception:
java.lang.NumberFormatException: 297D6F02EA75C1
at java.lang.Long.parseLong(Unknown Source)
at java.math.BigInteger.<init>(Unknown Source)
at java.math.BigInteger.<init>(Unknown Source)
at com.evermind.server.gs.init(JAX)
at com.evermind.server.XMLUserManager.ajf(JAX)
at com.evermind.server.XMLUserManager.ajd(JAX)
at com.evermind.server.XMLUserManager.bw(JAX)
at com.evermind.xml.XMLConfig.br(JAX)
at com.evermind.xml.XMLConfig.ax(JAX)
at com.evermind.xml.XMLConfig.ax(JAX)
at com.evermind.xml.XMLConfig.update(JAX)
at com.evermind.server.gw.run(JAX)
at com.evermind.util.g.run(JAX)
at com.evermind.util.f.run(JAX)
What serial number must I put in this tag?
Thanks, Esteban
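
Added example, not part of the original thread and not Orion's own code: the stack trace above shows the serial string passing through java.math.BigInteger and failing in Long.parseLong, which is what a base-10 parse of a hex string does. Assuming Orion 1.2.9 reads certificate-serial-id as a decimal number (an inference from that trace, not confirmed in the thread), this hypothetical CertSerial class converts the hex serial a browser displays into decimal, and can also read the serial and issuer directly from an exported certificate file.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Added example; CertSerial and fromHex are hypothetical names, not Orion APIs.
// Assumption: the server parses the configured serial as a base-10 number.
public class CertSerial {

    // Accepts the forms certificate viewers show: "297D6F02EA75C1",
    // "29 7d 6f 02 ea 75 c1", "29:7D:6F:02:EA:75:C1", "0x297D6F02EA75C1".
    static BigInteger fromHex(String shown) {
        String hex = shown.trim().replaceAll("[\\s:]", "");
        if (hex.startsWith("0x") || hex.startsWith("0X")) {
            hex = hex.substring(2);
        }
        if (hex.isEmpty() || !hex.matches("[0-9a-fA-F]+")) {
            throw new IllegalArgumentException("not a hex serial: " + shown);
        }
        return new BigInteger(hex, 16);
    }

    public static void main(String[] args) throws Exception {
        String shown = "297D6F02EA75C1"; // value from the stack trace in this thread
        try {
            new BigInteger(shown); // radix 10, fails on the letters like the trace
        } catch (NumberFormatException e) {
            System.out.println("decimal parse fails: " + e.getMessage());
        }
        BigInteger serial = fromHex(shown);
        System.out.println("decimal form: " + serial.toString(10));
        System.out.println("hex form:     " + serial.toString(16).toUpperCase());

        // Optional: pass the path of an exported certificate (DER or PEM)
        // to print the values to compare against the user entry.
        if (args.length == 1) {
            try (InputStream in = new FileInputStream(args[0])) {
                X509Certificate cert = (X509Certificate) CertificateFactory
                        .getInstance("X.509").generateCertificate(in);
                System.out.println("issuer: " + cert.getIssuerX500Principal().getName());
                System.out.println("serial: " + cert.getSerialNumber().toString(10));
            }
        }
    }
}
```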