Hi, I have been thinking about replacing the legacy username/password system used today in my web-applications to use authentication with personal certificates via client-cert authentication. The problem is that I need to run multiple instances of the same web-application with different users in each instance. The way it is done now is through a legacy system checking the database if username/password match, then generating a session - which should still be possible if the webapp is not set up to use client-cert authentication.
The examples I see are all based on usernames and passwords (depending on authentication) placed in a specific Tomcat file - and I can't do that, it needs to be put into the legacy database for the specific instance.

The plan is to have the user, when entering without a personal certificate, just enter his/her e-mail address in a field, then posted to a servlet residing in the specific web-application which then produces an e-mail with a URL and a random confirmation key. When the user clicks this URL, he/she will get the certificate request produced by a servlet which the browser will ask the user to accept.

So, is it possible to a) have authentication split on each web-app and b) have the user authentication be based on a legacy system through e.g. a class in the web-application itself?

--
View this message in context: http://www.nabble.com/Client-cert-authentication-across-web-applications-t1600820.html#a4340834
Sent from the Tomcat - User forum at Nabble.com.
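
The e-mailed confirmation key described in the post is the step that decides who receives a certificate, so it should be unguessable, short-lived and single-use. The following is an added example, not part of the original post: the class name `ConfirmationKeys`, the 30-minute lifetime and the in-memory map (standing in for a table in the instance's legacy database) are assumptions. It requires Java 16 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical helper: issues and redeems the e-mailed confirmation key.
public class ConfirmationKeys {
    private static final Duration TTL = Duration.ofMinutes(30); // assumed lifetime
    private static final SecureRandom RNG = new SecureRandom();

    private record Pending(byte[] keyHash, Instant expires) {}
    // Stand-in for a per-instance table in the legacy database (assumption).
    private final Map<String, Pending> pending = new ConcurrentHashMap<>();

    // Returns the key to embed in the e-mailed URL; only its hash is stored.
    public String issue(String email, Instant now) throws Exception {
        byte[] raw = new byte[32];                 // 256 bits from a CSPRNG
        RNG.nextBytes(raw);
        String key = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        pending.put(normalize(email), new Pending(sha256(key), now.plus(TTL)));
        return key;
    }

    // True only once, for an unexpired key that was issued to this address.
    public boolean redeem(String email, String presentedKey, Instant now) throws Exception {
        String id = normalize(email);
        Pending p = pending.get(id);
        if (p == null) return false;
        if (now.isAfter(p.expires())) { pending.remove(id, p); return false; }
        // Constant-time comparison of hashes; remove(id, p) makes redemption atomic.
        return MessageDigest.isEqual(p.keyHash(), sha256(presentedKey)) && pending.remove(id, p);
    }

    private static String normalize(String email) { return email.trim().toLowerCase(Locale.ROOT); }

    private static byte[] sha256(String s) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        ConfirmationKeys keys = new ConfirmationKeys();
        Instant t0 = Instant.parse("2024-01-01T12:00:00Z");      // constructed sample time
        String key = keys.issue("user@example.com", t0);          // constructed address
        System.out.println(keys.redeem("user@example.com", "guess", t0));               // wrong key
        System.out.println(keys.redeem("user@example.com", key, t0.plusSeconds(60)));   // valid key
        System.out.println(keys.redeem("user@example.com", key, t0.plusSeconds(120)));  // replay
    }
}
```

A servlet handling the clicked URL would call `redeem` before producing the certificate request, and should rate-limit attempts per address.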