I've been watching this forum for some time and this question has appeared here
several times. So far nobody has posted a solution that would allow Apache
working as a proxy to pass the client certificate to a backend server. The only
working way was Apache (2.2.3) + mod_jk + Tomcat, which isn't applicable to
your case because you use WebSphere. I don't know if WebSphere supports AJP
connectors; if it does, you can try mod_jk. Otherwise you can extract the
necessary fields from the client cert and put them into the environment (I suppose
you use a *NIX platform); then you can read them from your Java application.

On 12/29/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:


I'll probably have to modify my application if there is no other way to send
all client certificate info to my application server via the reverse proxy.

Actually the web application on WebSphere is using
javax.net.ssl.peer_certificates and then it extracts the first OU field.

How can I display the entire content of my request (all the data I send to
the application server with the header too)?
I've tried setting Loglevel debug in my webserver configuration file but
in my log I cannot recognise such information.

Please let me know

ManuciaoThanks!





From: Christian Gottschalch <[EMAIL PROTECTED]>
Date: 28/12/2006 10.53
Please respond to: users@httpd.apache.org
To: users@httpd.apache.org
cc:
Subject: Re: [EMAIL PROTECTED] Apache and client certs






If you use Apache as a reverse proxy, then the SSL session will be terminated at
the reverse proxy and the SSL authentication / verification is done by the
reverse proxy.

To transport some certificate information to your WebSphere you can use:

RequestHeader set "HTTP_USER_ID" %{SSL_CLIENT_S_DN_CN}e

The WebSphere application can now authorize the user based on the HTTP
header "HTTP_USER_ID", but your application must be able to.

You also may have a look at
http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#forwardreverse

regards

[EMAIL PROTECTED] wrote:
>
> Hello everyone!
> I have an Apache 2.2 web server that is working as a reverse proxy for a
> WebSphere application server that is on a separate machine.
>
> Now I have a web application that needs information that is included
> in a client certificate field (OU).
>
> I would like to know if, with Apache, it is possible to obtain a
> configuration where the web server requires the client cert but doesn't
> verify it and passes it to the application server, which can verify it.
>
> I have such a configuration with IBM HTTP Server. There is a
> directive in the HTTP server configuration file that lets you specify
> the "passthrough" value for the client cert.
>
>
> Please let me know!
>
> Thanks in advance
>
> Manuela Vorazzo
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
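
The header-forwarding approach described in this thread, written out as a full virtual host. This is an added example, not configuration posted by anyone in the thread; the host names, file paths, backend port and the X-Client-* header names are placeholders chosen for illustration.

```apache
# Added example. Host names, paths, port 9080 and X-Client-* names are assumptions.
<VirtualHost *:443>
    ServerName proxy.example.com

    SSLEngine on
    SSLCertificateFile    /etc/httpd/ssl/proxy.crt
    SSLCertificateKeyFile /etc/httpd/ssl/proxy.key

    # TLS ends at the proxy, so the proxy is what verifies the client certificate.
    SSLCACertificateFile  /etc/httpd/ssl/client-ca.crt
    SSLVerifyClient require
    SSLVerifyDepth  2

    # "RequestHeader set" replaces a client-supplied header of the same name.
    # The explicit unset covers the hyphenated spelling, which some backends
    # map to the same name as the underscore form.
    RequestHeader unset HTTP-USER-ID
    RequestHeader unset X-Client-Cert-OU
    RequestHeader unset X-Client-Verify

    # %{...}s reads mod_ssl variables directly. The %{...}e form used in the
    # thread needs "SSLOptions +StdEnvVars" to populate the environment.
    RequestHeader set HTTP_USER_ID     "%{SSL_CLIENT_S_DN_CN}s"
    RequestHeader set X-Client-Cert-OU "%{SSL_CLIENT_S_DN_OU}s"
    RequestHeader set X-Client-Verify  "%{SSL_CLIENT_VERIFY}s"

    # Reverse proxy only; never act as a forward proxy.
    ProxyRequests Off
    ProxyPass        / http://websphere.internal.example:9080/
    ProxyPassReverse / http://websphere.internal.example:9080/
</VirtualHost>
```

The backend can trust these headers only if it accepts connections from the proxy alone, since any other path to it could supply the same header names. The application then reads the OU from the header instead of from javax.net.ssl.peer_certificates.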


