Client Authentication in Tomcat (HTTPS)

sam_javanet
Joined: 2006-08-24
Points: 0

Hello,

I have an application that runs as a filter inside Tomcat (and Tomcat is the webserver). This application receives requests from external parties, and I need to authenticate these requests.

I am using HTTPS certificates. The server (me) authentication at the client seems to be well discussed (http://tomcat.apache.org/tomcat-4.0-doc/ssl-howto.html) but I am not sure about how to configure my Tomcat to authenticate the client certificates.

Setting "clientAuth = true" seems to only enforce that the client send their certificate, but how is the actual authentication done?

If this is not the right forum, can someone please direct me to the correct one?

Thanks,
Sam

regwhitton
Joined: 2006-09-06
Points: 0

There is some interesting stuff here:

http://www.oreilly.com/catalog/tomcat/chapter/ch06.pdf

Starting from the bottom of page 41.

Hope this helps.