Experimented with a sample JNDI realm hooked up with the "CLIENT-CERTS" authentication method. This was done using tomcatjss at the connector level. Going to the page asks for the cert. Research indicates that there is a way to create a custom JNDI Tomcat Realm that overrides the getPrincipal(X509Cert certs) method. We could add code to both make use of the JNDI realm and actually compare the incoming cert to the cert in the LDAP database already encoded.
Was able to put together a rough custom JNDI realm hooked up to our tomcatjss SSL Connector port. The realm does nothing but override "getPrincipal(X509Cert usercert)" and extract the uid of the incoming user from the cert's subject name. That uid is sent into getPrincipal(String username). The JNDI part of the realm is configured simply to search for the user from a base dn using a simple search pattern.
The next step is to put in some code to do the certificate comparison that we do in our system already.
This issue was migrated from Pagure Issue #13. Originally filed by jmagne (@jmagne) on 2011-11-15 03:14:37:
Based on results of requirements gathering, come up with a design on how to actually accomplish the required functionality.
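
An added example, not code from this issue or from the project: JDK-only helpers that a realm's certificate `getPrincipal` override, as described in the comments above, could call to pull the uid out of the subject name and to compare the presented certificate with the one stored in LDAP. The class and method names are hypothetical, and it assumes the directory holds the certificate as DER bytes and that a uid limited to plain characters is acceptable policy.

```java
import java.security.MessageDigest;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;
// Added example (JDK only); CertRealmChecks and its method names are hypothetical.
public class CertRealmChecks {
    // Returns the one uid in the subject DN, or null when it is missing, repeated,
    // inside a multi-valued RDN, or outside the assumed safe character set.
    static String uidFromSubject(String rfc2253Dn) {
        String uid = null;
        try {
            for (Rdn rdn : new LdapName(rfc2253Dn).getRdns()) {
                if (rdn.size() > 1) return null;   // conservative: refuse multi-valued RDNs
                if (!"uid".equalsIgnoreCase(rdn.getType())) continue;
                if (uid != null || !(rdn.getValue() instanceof String)) return null;
                uid = (String) rdn.getValue();
            }
        } catch (InvalidNameException e) {
            return null;
        }
        // Assumed policy: the uid feeds an LDAP search pattern, so allow plain characters only.
        return (uid != null && uid.matches("[A-Za-z0-9._-]{1,64}")) ? uid : null;
    }

    static String uidFromCert(X509Certificate cert) {
        return uidFromSubject(cert.getSubjectX500Principal().getName(X500Principal.RFC2253));
    }

    // Byte-for-byte match of the presented DER against the DER stored in the directory entry.
    static boolean matchesStored(byte[] presentedDer, byte[] storedDer) {
        return presentedDer != null && storedDer != null && storedDer.length > 0
                && MessageDigest.isEqual(presentedDer, storedDer);
    }

    static boolean matchesStored(X509Certificate cert, byte[] storedDer) throws CertificateEncodingException {
        return matchesStored(cert.getEncoded(), storedDer);
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from the issue: one clean DN, a repeated uid,
        // a multi-valued RDN, and a uid carrying LDAP filter metacharacters.
        for (String dn : new String[] {"UID=jdoe,OU=People,O=Example",
                "UID=a,UID=b,O=Example", "CN=x+UID=jdoe,O=Example", "UID=j)(uid=*,O=Example"})
            System.out.println(dn + " -> " + uidFromSubject(dn));
        byte[] stored = {0x30, 0x03, 0x02, 0x01, 0x05};   // constructed stand-in for stored DER
        System.out.println(matchesStored(stored.clone(), stored) + " " + matchesStored(new byte[] {0x30}, stored));
    }
}
```

Until the comparison step is in place, a lookup by uid alone identifies the user by subject name only, so the realm should return no principal when either helper rejects its input.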