Markus a écrit : >Ok, when I set clientAuth to "want" the "Exception getting SSL Cert" >goes away. (Wtf is this documented?). > Yes it is documented: http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html Section 'Edit the Tomcat Configuration File'
> But I still get the 403 - Access >denied error. > > This mean client didn't send a certificate or certificate was not recognized >Here is how I added the users certificate to my realm: > >web.xml: > > <security-constraint> > <web-resource-collection> > <url-pattern>/html/*</url-pattern> > <http-method>POST</http-method> > <http-method>GET</http-method> > </web-resource-collection> > <auth-constraint> > <role-name>myrole</role-name>> > </auth-constraint> > <user-data-constraint/> > </security-constraint> > > <login-config> > <auth-method>CLIENT-CERT</auth-method> > </login-config> > > <security-role> > <role-name>myrole</role-name> > </security-role> > >tomcat-users.xml: > ><tomcat-users> > <role rolename="myrole"/> > <user username="EMAILADDRESS=mark... , CN=markus...., OU=..., O=... >, L=...., ST=... C=..." password="" roles="myrole"/> ></tomcat-users> > >As username I used exactly the cert.getSubjectDN().getName() String >from the client certificate. > > >Is this ok? > > Did you escape the quote character of subject line using " ? >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]