Am 27. Februar 2020 10:58:01 MEZ schrieb "Martynas Jusevičius" <marty...@atomgraph.com>: >Hi list, > >I'm using a Docker image based on tomcat:8.0-jre8. It serves as an >end-user facing webapp but also as a REST API which authenticates >using client certificates. The same URLs serve both purposes, however >only administrators are using the API. > >The Connector is configured using clientAuth="want". >This works fine with API calls which are run from shell scripts. >In the browser however it prompts a certificate selection (if there >are any client certs). This would not be a problem if the webapp would >not be user-facing, but since it is the certificate prompt can be >confusing to many users and increase our bounce rate. > >I'm looking for some workaround that would not require changing the >whole design. For example asking for the client cert only when a >certain flag is set, such as a query param or request header. >Or somehow not asking for it but still accepting it :) But I guess >that's not how TLS works... > >Any ideas? Thanks. > > >Martynas >atomgraph.com > >--------------------------------------------------------------------- >To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >For additional commands, e-mail: users-h...@tomcat.apache.org
Hi, Instead of configuring the container for client cert Auth change the webapp: 1) define a realm in local context.xml 2) add resp security constraint only for rest api calls -- Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
