On 27/02/2020 09:58, Martynas Jusevičius wrote: > Hi list, > > I'm using a Docker image based on tomcat:8.0-jre8. It serves as an > end-user facing webapp but also as a REST API which authenticates > using client certificates. The same URLs serve both purposes, however > only administrators are using the API. > > The Connector is configured using clientAuth="want". > This works fine with API calls which are run from shell scripts. > In the browser however it prompts a certificate selection (if there > are any client certs). This would not be a problem if the webapp would > not be user-facing, but since it is the certificate prompt can be > confusing to many users and increase our bounce rate. > > I'm looking for some workaround that would not require changing the > whole design. For example asking for the client cert only when a > certain flag is set, such as a query param or request header. > Or somehow not asking for it but still accepting it :) But I guess > that's not how TLS works... > > Any ideas? Thanks.
Can you configure a separate connector on a different port for the shell scripts to use? Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org