Our usernames are not named exactly the same as the x509 cert 'subject' attr. (or any other attr)
I was hoping i could do some mapping to match a client cert (attr) to an existing tomcat username ...perhaps similar to the way it appears CAS does https://wiki.jasig.org/display/CASUM/X.509+Certificates ________________________________ From: "Caldarale, Charles R" <chuck.caldar...@unisys.com> To: Tomcat Users List <users@tomcat.apache.org> Sent: Fri, August 27, 2010 1:12:24 PM Subject: RE: CLIENT-AUTH x509 attribute mapping to user name > From: Michael Dockery [mailto:dockeryjava...@yahoo.com] > Subject: CLIENT-AUTH x509 attribute mapping to user name Can anyone tell me what class.method > Can anyone tell me what Tomcat version you're using? > which I would need to override > to map a client x509 cert subject/dn attribute > to a valid tomcat username (in memory realm or otherwise) Why can't you use just use an <auth-method> of CLIENT-CERT in the <login-config> for your webapp and let the container take care of it? (Hint: read the servlet spec.) Also check this wiki entry: http://wiki.apache.org/tomcat/SSLWithFORMFallback - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org