http://issues.apache.org/bugzilla/show_bug.cgi?id=38555

           Summary: CLIENT-CERT authentication fails with UserDatabase Realm
           Product: Tomcat 5
           Version: 5.0.28
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Connector:Coyote
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: [EMAIL PROTECTED]

I have set up SSL CLIENT-CERT authentication using the MemoryRealm:

server.xml
==========

<Realm className="org.apache.catalina.realm.MemoryRealm" />
..
<Connector port="8443"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" debug="0" scheme="https" secure="true"
           clientAuth="want" sslProtocol="TLS"
           keystoreFile="keystore.jks" keystorePass="geheim"
           truststoreFile="truststore.jks" truststorePass="wonttell"/>

tomcat-users.xml
================

<tomcat-users>
  <role rolename="myrole"/>
  ...
  <user username="EMAILADDRESS=markus..., CN=markus..., OU=CA, O=..., L=..., ST=..., C=DE"
        password="" roles="myrole"/>
  ...
</tomcat-users>

web.xml
=======

<security-constraint>
  <web-resource-collection>
    <url-pattern>/secret/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>myrole</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>CLIENT-CERT</auth-method>
</login-config>
<security-role>
  <role-name>myrole</role-name>
</security-role>

This works fine.

The Bug
=======

It does not work using the UserDatabase Realm:

<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
       debug="0" resourceName="UserDatabase"/>

<Resource name="UserDatabase" auth="Container"
          type="org.apache.catalina.UserDatabase"
          description="User database that can be updated and saved">
</Resource>
<ResourceParams name="UserDatabase">
  <parameter>
    <name>factory</name>
    <value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
  </parameter>
  <parameter>
    <name>pathname</name>
    <value>conf/tomcat-users.xml</value>
  </parameter>
</ResourceParams>

Error Message
=============

I always get access denied for the protected URL even if I have the right SSL client certificate in the browser keystore AND the right clientcert metadata in the tomcat-user definition.