...

It is assumed that your web application is working and that you are currently using FORM-based authentication. The login configuration in your web.xml deployment descriptor should therefore look something like this:

<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/pub/login.jsp</form-login-page>
        <form-error-page>/pub/loginerror.jsp</form-error-page>
    </form-login-config>
</login-config>

It is further assumed that your web application contains at least one protected page that requires authentication, and that login currently works using your FORM-based login with an appropriate Login Realm.

...

In the Tomcat server.xml file, configure the server to use client authentication:

<!-- The keystore/truststore paths and the "changeit" passwords are example values; use your own. -->
<Connector
    port="8443" minProcessors="5" maxProcessors="75"
    enableLookups="true" disableUploadTimeout="true"
    acceptCount="100" debug="0" scheme="https" secure="true"
    clientAuth="want" sslProtocol="TLS"
    keystoreFile="/etc/mykeystore.jks" keystorePass="changeit"
    truststoreFile="/etc/mytruststore.jks" truststorePass="changeit"/>

Note the use of clientAuth="want" to request a certificate, but not fail if none is presented.
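
The following check is an added example, not part of the original page or of Tomcat: it parses a server.xml and reports, for each HTTPS Connector, how client certificates are handled and whether a store password is still `changeit`. The function name `audit_connectors`, the finding texts and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the Connector from this page plus one that never asks for a certificate.
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Connector port="8443" scheme="https" secure="true"
        clientAuth="want" sslProtocol="TLS"
        keystoreFile="/etc/mykeystore.jks" keystorePass="changeit"
        truststoreFile="/etc/mytruststore.jks" truststorePass="changeit"/>
    <Connector port="9443" scheme="https" secure="true" sslProtocol="TLS"
        keystoreFile="/etc/mykeystore.jks" keystorePass="s3cret-example"/>
  </Service>
</Server>
"""

# Meaning of the clientAuth attribute values used by the Connector.
CLIENT_AUTH_MODES = {"true": "required", "want": "requested", "false": "not requested"}


def audit_connectors(server_xml):
    """Return {port: [findings]} for every HTTPS Connector in server_xml."""
    try:
        root = ET.fromstring(server_xml)
    except ET.ParseError as exc:
        # Malformed XML, e.g. a stray ';' between two attributes.
        return {"parse-error": [str(exc)]}
    report = {}
    for conn in root.iter("Connector"):
        if conn.get("scheme") != "https":
            continue
        mode = conn.get("clientAuth", "false").lower()  # attribute defaults to false
        label = CLIENT_AUTH_MODES.get(mode, "unknown value " + mode)
        findings = ["client certificate: " + label]
        if mode == "want":
            # The handshake succeeds without a certificate, so the
            # application's own login (here FORM) must cover those requests.
            findings.append("requests without a certificate still connect")
        if mode in ("true", "want") and not conn.get("truststoreFile"):
            findings.append("no truststoreFile attribute on this Connector")
        for attr in ("keystorePass", "truststorePass"):
            if conn.get(attr) == "changeit":
                findings.append(attr + " is the default 'changeit'")
        report[conn.get("port")] = findings
    return report


if __name__ == "__main__":
    for port, findings in audit_connectors(SAMPLE_SERVER_XML).items():
        print(port, findings)
```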

...