Hi list, I'm using a Docker image based on tomcat:8.0-jre8. It serves as an end-user facing webapp but also as a REST API which authenticates using client certificates. The same URLs serve both purposes, however only administrators are using the API.
The Connector is configured using clientAuth="want". This works fine with API calls which are run from shell scripts. In the browser however it prompts a certificate selection (if there are any client certs). This would not be a problem if the webapp would not be user-facing, but since it is the certificate prompt can be confusing to many users and increase our bounce rate. I'm looking for some workaround that would not require changing the whole design. For example asking for the client cert only when a certain flag is set, such as a query param or request header. Or somehow not asking for it but still accepting it :) But I guess that's not how TLS works... Any ideas? Thanks. Martynas atomgraph.com --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org