Provide design for Tomcat Realm based authentication/authorization #585

Closed
pki-bot opened this issue Oct 2, 2020 · 4 comments

Comments

pki-bot commented Oct 2, 2020

This issue was migrated from Pagure Issue #13. Originally filed by jmagne (@jmagne) on 2011-11-15 03:14:37:


Based on results of requirements gathering, come up with a design on how to actually accomplish the required functionality.

@pki-bot pki-bot added this to the Dogtag 10.0.0.a1 milestone Oct 2, 2020
@pki-bot pki-bot closed this as completed Oct 2, 2020
pki-bot commented Oct 2, 2020

Comment from jmagne (@jmagne) at 2011-11-22 20:05:31

Experimented with a sample JNDI realm hooked up with the "CLIENT-CERTS" authentication method. This was done using tomcatjss at the connector level. Going to the page asks for the cert. Research indicates that there is a way to create a custom JNDI Tomcat Realm that overrides the getPrincipal(X509Cert certs) method. We could add code to both make use of the JNDI realm and actually compare the incoming cert to the cert in the LDAP database already encoded.

pki-bot commented Oct 2, 2020

Comment from jmagne (@jmagne) at 2011-12-06 20:46:35

Progress:

Was able to put together a rough custom JNDI realm hooked up to our tomcatjss SSL Connector port. The realm does nothing but override "getPrincipal(X509Cert usercert)" and extract the uid of the incoming user from the cert's subject name. That uid is sent into getPrincipal(String username). The JNDI part of the realm is configured simply to search for the user from a base dn using a simple search pattern.

The next step is to put in some code to do the certificate comparison that we do in our system already.
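
The flow described in the comments above (take the uid from the certificate subject, look the user up, then compare the presented certificate with the stored one), as an added example that is not part of the original comments or of the Dogtag code. It uses only JDK classes; the class name `CertRealmCheck`, both method names, the in-memory `directory` map standing in for the LDAP lookup, and the sample subjects and byte strings are assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

public class CertRealmCheck {
    // Returns the subject's UID, or null if it is absent, repeated, non-string or unparsable.
    static String extractUid(X500Principal subject) {
        String uid = null;
        try {
            // LdapName parses RFC 2253 escaping and multi-valued RDNs; no string splitting.
            for (Rdn rdn : new LdapName(subject.getName(X500Principal.RFC2253)).getRdns()) {
                Attribute a = rdn.toAttributes().get("UID");
                if (a == null) continue;
                if (uid != null || a.size() != 1 || !(a.get() instanceof String)) return null;
                uid = (String) a.get();
            }
        } catch (NamingException e) {
            return null;
        }
        return uid;
    }

    // Fail closed: the uid must exist in the directory AND the presented DER bytes
    // must equal one of the certificates stored for that entry.
    static String authenticate(X500Principal subject, byte[] presentedDer,
                               Map<String, List<byte[]>> directory) {
        String uid = extractUid(subject);
        if (uid == null || presentedDer == null) return null;
        for (byte[] stored : directory.getOrDefault(uid, List.of())) {
            if (Arrays.equals(stored, presentedDer)) return uid;
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed stand-ins: short byte strings in place of real DER certificates,
        // and a map in place of the LDAP entries the JNDI search would return.
        byte[] enrolled = {0x30, 0x03, 0x01, 0x02, 0x03};
        byte[] other = {0x30, 0x03, 0x09, 0x09, 0x09};
        Map<String, List<byte[]>> directory = Map.of("jdoe", List.of(enrolled));
        X500Principal subject = new X500Principal("UID=jdoe,OU=People,O=Example");
        System.out.println(authenticate(subject, enrolled.clone(), directory)); // enrolled cert
        System.out.println(authenticate(subject, other, directory)); // same uid, other cert
        System.out.println(authenticate(new X500Principal("CN=jdoe,O=Example"), enrolled, directory));
    }
}
```

In a realm, `presentedDer` would come from `X509Certificate.getEncoded()` on the client certificate; the second call shows why the subject name alone is not enough, since a different certificate carrying the same uid is rejected.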

pki-bot commented Oct 2, 2020

Comment from jmagne (@jmagne) at 2012-01-19 19:43:01

The solid concept is here. There will be a bit more investigation to finish this off.

pki-bot commented Oct 2, 2020

Comment from jmagne (@jmagne) at 2017-02-27 14:08:23

Metadata Update from @jmagne:

  • Issue assigned to jmagne
  • Issue set to the milestone: Dogtag 10.0.0.a1
