Evening,

I've been reading this page: http://wiki.apache.org/tomcat/SSLWithFORMFallback

I'm currently using Tomcat 7 on Linux. In short, neither of the bits of code linked on that page works for me, but the thing described in the title is what I desire.

I have client certificate authentication working fully within my needs, but I'm looking for a fallback so I can allow users without one of the appropriate smart cards to get in. BasicAuth would also be fine for this project, although I'd much rather it were a form.

Additionally, I'm unclear on what the purpose of "optional" is on the clientAuth parameter of a Connector, if it's not for the purpose of some other fallback authentication mechanism to work. Maybe it's just implemented because it's integral to the TLS implementation?

Another option is to configure the trust store appropriately, then self-sign certificates and pass them out. That's still a little hostile to the users that don't have smartcards in the first place; I have my Realm hitting up an LDAP server with a username-pass tuple that non-smartcard-wielding users already have an account on.

Any suggestions or direction would be greatly appreciated; fundamentally, I have an app, using container security to keep it safe. Most users will use smartcards to secure a client cert TLS, but not all users have those smartcards.

Cheers,
Gary