Our usernames are not named exactly the same as the x509 cert 'subject' attr. (or any other attr)
I was hoping i could do some mapping to match a client cert (attr) to an existing tomcat username ...perhaps similar to the way it appears CAS does https://wiki.jasig.org/display/CASUM/X.509+Certificates ________________________________ From: "Caldarale, Charles R" <[email protected]> To: Tomcat Users List <[email protected]> Sent: Fri, August 27, 2010 1:12:24 PM Subject: RE: CLIENT-AUTH x509 attribute mapping to user name > From: Michael Dockery [mailto:[email protected]] > Subject: CLIENT-AUTH x509 attribute mapping to user name Can anyone tell me what class.method > Can anyone tell me what Tomcat version you're using? > which I would need to override > to map a client x509 cert subject/dn attribute > to a valid tomcat username (in memory realm or otherwise) Why can't you use just use an <auth-method> of CLIENT-CERT in the <login-config> for your webapp and let the container take care of it? (Hint: read the servlet spec.) Also check this wiki entry: http://wiki.apache.org/tomcat/SSLWithFORMFallback - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
