michael-o commented on PR #819: URL: https://github.com/apache/tomcat/pull/819#issuecomment-2665078872
@natalia-s-ivanova I do now understand your problem and it not related to the `SpnegoAuthenticator` at all. It is design flaw in the realm system which assumes that the realm verifies credentials, but this does not apply to client certificates and any GSS based mechanism. The JNDIRealm will not help you here. You need a realm which is aware of that fact: https://github.com/michael-o/tomcatspnegoad/blob/e2d95c6708b7ae726acf882ba680534fa5ec8dcc/tomcat90/src/main/java/net/sf/michaelo/tomcat/realm/ActiveDirectoryRealmBase.java#L37-L45 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
