Re: userfriendly failed client authentification
Thanks for your reply. This would be one possibility. I tried to realize this, but in some cases a browser specific error page is displayed instead of a customizable tomcat error page. For example if in the server.xml clientauth="true" you dont get any http error codes. OK, the http traffic happens after ssl authentification, so I can imagine that this has good reasons. But maybe there is a way... Am 08.05.2015 um 08:28 schrieb Violeta Georgieva: > Hello, > > 2015-05-07 20:54 GMT+03:00 Johannes : >> >> >> >> Hello. >> >> I'm using Tomcat 7.0.with Java 7.0. >> I'm trying to create a webapp with needs a client certifiacte >> authentification. >> Normal client certifiacte authentfication works well and I can compute >> the desired certificate data. The clientauth parameter in the https >> connector is set to false. In my webapp is a security-constraint >> registred for a url space, like /secure/*. >> >> If authentifications fails, a ugly browser error page occurs. A new >> authentification try can only be attempt after reopen the browser. >> >> I already noticed setting server wide clientauth to "want", I receive a >> tomcat 401 http error page (which can be customized) if no client >> certificate was found on a protected resource. But entering a bad >> passphrase shows a ugly browser error page again. >> >> Is there a way to deal with that? I believe the user acceptance will be >> low with that behavior. > > Consider providing your own error pages thus you can setup them with you > company branding. > > Best Regards, > Violeta > >> Best regards Johannes. >> > signature.asc Description: OpenPGP digital signature
Re: userfriendly failed client authentification
Hello, 2015-05-07 20:54 GMT+03:00 Johannes : > > > > Hello. > > I'm using Tomcat 7.0.with Java 7.0. > I'm trying to create a webapp with needs a client certifiacte > authentification. > Normal client certifiacte authentfication works well and I can compute > the desired certificate data. The clientauth parameter in the https > connector is set to false. In my webapp is a security-constraint > registred for a url space, like /secure/*. > > If authentifications fails, a ugly browser error page occurs. A new > authentification try can only be attempt after reopen the browser. > > I already noticed setting server wide clientauth to "want", I receive a > tomcat 401 http error page (which can be customized) if no client > certificate was found on a protected resource. But entering a bad > passphrase shows a ugly browser error page again. > > Is there a way to deal with that? I believe the user acceptance will be > low with that behavior. Consider providing your own error pages thus you can setup them with you company branding. Best Regards, Violeta > Best regards Johannes. >
userfriendly failed client authentification
Hello. I'm using Tomcat 7.0.with Java 7.0. I'm trying to create a webapp with needs a client certifiacte authentification. Normal client certifiacte authentfication works well and I can compute the desired certificate data. The clientauth parameter in the https connector is set to false. In my webapp is a security-constraint registred for a url space, like /secure/*. If authentifications fails, a ugly browser error page occurs. A new authentification try can only be attempt after reopen the browser. I already noticed setting server wide clientauth to "want", I receive a tomcat 401 http error page (which can be customized) if no client certificate was found on a protected resource. But entering a bad passphrase shows a ugly browser error page again. Is there a way to deal with that? I believe the user acceptance will be low with that behavior. Best regards Johannes. signature.asc Description: OpenPGP digital signature