-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Magosányi,
On 10/7/19 11:16, Magosányi Árpád wrote: >> Magosányi, >> >> On 10/7/19 10:37, Magosányi Árpád wrote: >>> I intend to use the user and certificate info in a Filter. >> >>> I think I have configured everything to do that, but the >>> information does not get passed along. Based on various >>> documentations and howtos, SSLVerifyClient require, SSLOptions >>> +StdEnvVars and SSLOptions +ExportCertData and JkExtractSSL On >>> should be enough to pass certificate data, and Require >>> valid-user should be enough to pass the authenticated >>> username. >> >>> I see the following debug output (also contains the various >>> info logged by the filter), which clearly lacks the information >>> needed. >> How are you getting the attributes from the request? > > This is the filter code: > > > String user = httpRequest.getRemoteUser(); Object cert = > httpRequest.getAttribute("javax.servlet.request.X509Certificate"); > this.context.log("user:"+user); This won't show any username unless the user has logged-in using HTTP Basic/Digest authentication. Are you using those? To get the certificate chain, I think you also need this in your httpd configuration: JkOptions +ForwardSSLCertChain >> Is the CGI being executed by Tomcat or is it being executed by >> httpd? > > Executed by Apache httpd. Okay. - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl2bWSkACgkQHPApP6U8 pFgkdQ/+O3c3y8QZaBSyQk0do9nCyVl1os/GBGnBTmPYio7C3L/DHQ78LaERjJwl DHvElopUxA5T7Jcbrg8mAN41lv3oLkoZqBv1htXxL/6JliRGG5DkH8ZCXbIBIH36 a2kVIJ2B4fbPryZ0kjZ+dmiHfJUYRr41NNZ0Ejrs93VEsV4+A8JZna74z4Wh0nRN AwctTF/PTZuPrgEAVx7s9zxGFAasHWv5h3UIHXUmHKCmFQxY8bP8GUWXyAZ0pdtg PiDJf3xAZeG2joB7n2M44VohGyFhG0i+x4fKYn212n8zq7bs++TbWiknrUAUQqMS LFc6qXw85CxeKoJva4Q1F228HmtXJXLYw/6esjQHWdKqChU2IPUutrTFwxeb2hlf ZBWHby77FyDQtErakxyVlv9Qi4bwmPeH4bR86ovarxhFYQ7bEcEyEAxdsY6HPnpj we/pvHXWhb1Rs6MAthZyXzyhmGHu4nZyHbedQnsgX9hBAXerSqs0u8AQaAkmQLtd dYDNQZ2jL5scN8jB951BMTlgskpxuWGyxG6xbBPM6/YdGTN9Qfgem7TRPzhDImO8 C53AheJwAK/RQGAoNaXIHK66p1bTR33IH3ycvmzsDhBxdtQcCRSpABL6Xm8LGxzS PU2zKywcD5dqKu9Btd1+PECVy1MIPUkvl++Qv9TwTdqxwGoas3s= =PCeu -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org