Following the advice from this link http://books.mcgraw-hill.com/betabooks/aug02/taylor/0072225653_ch10.html
I tried to get SSL client authentication to work by setting the following entry in tomcat-users.xml:

    <user username="CN=x, OU=y, O=z, L=a, S=b, C=c" password="" roles="user"/>

where x, y, z, etc. have real but unimportant values.

Evidently Tomcat somehow matches the distinguished name from my certificate against an entry in the users file, presumably to establish the user's role. If it fails to make a match, no authentication takes place, which, I guess, is why I was able to access protected pages but getUserPrincipal() was returning null.

However, when I start Tomcat I get the error:

    GlobalResourcesLifecycleListener: Exception creating UserDatabase MBeans for UserDatabase
    javax.management.MalformedObjectNameException: ObjectName: Invalid (key,value) pair -> username=CN=x

So, what do I put in tomcat-users.xml to get client certificate authentication to work? Do I have to escape the '=' signs in some way?

TIA (as I really want to put this issue to bed),

Chris Williams.

P.S. If somebody tells me to "read the FAQ", please specify WHICH FAQ. I've read hundreds over the past few days trying to get to the bottom of CLIENT-CERT auth.