I configured the server.xml file in Tomcat inside JBoss 4.0.3SP1 with both keystore and truststore, their respective passwords, and clientAuth="true". This enables dual SSL. However, it disables basic auth from any clients towards other web apps that don't require cert-based auth. I was expecting that different webapps, running in different security domains, with different <auth-method> values (BASIC versus CLIENT-CERT), would be enough for the app server to know when to negotiate a client cert or not. Apparently it doesn't work like that.
I'm already used to not getting many answers from this forum. I never know if my questions are too basic or too complex. Even so, I believe that this scenario should be common enough to work. However, if it's not supposed to work like that after all, I need to set up my different web apps in different Tomcat connectors with different SSL configurations. This step I don't know how to do, so if someone has any hints on any of these topics I would, as always, welcome them. I sincerely hope someone can help me with this. No point in redirecting me to http://www.jboss.org/wiki/Wiki.jsp?page=SSLSetup either. Been there, done that :)

Thanks