How to configure JNDI Realm with Tomcat 7 for PKI User Certificate Authentication? -


list,

i have searched extensively on topic , either a) don't know how configure and/or b) don't quite understand jndi realm supposed do. using tomcat 7.0.32 jdk 1.7.0_15.

here want do. work customers use pki user certificates. user certificates have cn "joe smith". need able cn in ldap , users id, may "jsmith23", , populate principal user in request header. reason have application deployed in tomcat makes call getremoteuser() , id (e.g. "jsmith23") must populated correctly. application sort of web adaptor third party tool, consequently checks ldap again. however, must userid.

i have tried many things, can't seem past ldap lookup. in server.xml, looks following:

     <connector port="443" protocol="org.apache.coyote.http11.http11protocol" sslenabled="true"                    maxthreads="150" scheme="https" secure="true"                    clientauth="true" sslprotocol="tls"                    keystorefile="c:/tomcat7/pki/keystore.jks" keystorepass="changeit"                    truststorefile="c:/tomcat7/pki/cacerts.jks" truststorepass="changeit" />  <realm classname="org.apache.catalina.realm.jndirealm" debug="99"                  connectionurl="ldap://servername:3268"                 allrolesmode="authonly"                  connectionname="cn=dc services,ou=generic,ou=users,ou=managed objects,dc=domain,dc=com"                  connectionpassword="mypassword"                  userbase="dc=domain,dc=com"                  usersubtree="true"                  usersearch="cn={0}"                  userrolename="memberof" />

the web.xml file application looks following:

<security-constraint>     <web-resource-collection>         <web-resource-name>arcgis web adapter</web-resource-name>         <url-pattern>/*</url-pattern>     </web-resource-collection>     <auth-constraint>         <role-name>*</role-name>     </auth-constraint>     <user-data-constraint>         <transport-guarantee>confidential</transport-guarantee>     </user-data-constraint> </security-constraint>  <login-config>     <auth-method>client-cert</auth-method>     <realm-name>arcgis web adapter</realm-name> </login-config> <security-role>     <role-name>*</role-name> </security-role> <welcome-file-list>     <welcome-file>index.jsp</welcome-file> </welcome-file-list>

the problem have keep getting error, no matter try:

message cannot authenticate provided credentials description request requires http authentication.

it prompts me certificate, know gets through. localhost log file shows:

fine: realm.authenticate() returned false

however, know connecting properly, because if change password, can't hit site @ all.

i guess 1 of questions result of jndi realm setup. if looks username's cn in ldap, what? suppose provide authentication necessary proceed web application? if change basic , use username/pwd authentication, works perfectly. using client-cert , using ldap lookup, can't seem achieve need to.

i need process looks user's id based on certificate cn , populates principal user in http request later call gettemoteuser() works correctly.

any appreciated.

problem org.apache.catalina.realm.jndirealm requires username , password. when authenticating client-cert, org.apache.catalina.realm.realmbase able use dn certificate username, not able password required jndirealm.


Comments

Post a Comment

Popular posts from this blog

SPSS keyboard combination alters encoding -

my question not have programming practical issue on spss. accident keyword combination cannot remember because did not intend press changed encoding in spss , text in data in different language english shown small boxes. nevertheless, when kind of analysis performed different language text shown in output. does know reason? tried change encoding did not produce result. first, @ edit > options , see whether setting unicode or locale. might fix it. if have text in multiple languages, want unicode. otherwise, may have specific locale set wrong. can change set locale, need know locale want use.
Read more

Add new record to the table by click on the button in Microsoft Access -

in ms access form want implement separate button, adds new record table. in order added button , attached button event: private sub btnaddrec_click() refresh codecontextobject on error resume next docmd.gotorecord , , acnewrec if err.number <> 0 btnaddrec.enabled = false end if end end sub everything ok when open window , click btnaddrec button, problem when first of perform navigation through existed records , after click on button. got runtime error: 2105: «you can't go specified record. may @ end of recordset» . how solve issue, need have ability add new record on click on specific button, no matter, have walked or not walked through records before. thanks. i created simple form field call description (and autonumber) , created button code follows click event. filled number of records , navigated through them, clicked addnewrec button. form navigated new record without issues. able click addnewrec button directly after
Read more

javascript - jQuery .height() return 0 when visible but non-0 when hidden -

i have problem here right opposite others: in jquery cannot height of element when it's visible, when hidden. have html code: <div id="filtering-filter-holder"> <div id="filtering-filter-holder-inner"></div> </div> basic css it: #filtering-filter-holder { display: none; position: absolute; width: 420px; min-height: 100px; padding: 5px 5px 5px 5px; background-color: #ffffff; border: 1px solid #164372; } and finally, js in document.ready(): $('div.filtering-filter-headline').mouseenter(function() { var el = $(this).parent().find('div.filtering-filter-content'); if ($('div#filtering-filter-holder').is(':visible')) { $('div#filtering-filter-holder-inner').stop(true, true).fadeout(300, function() { $('div#filtering-filter-holder-inner').html($(el).html()); var height = $('div#filtering-filter-holder-inner&#
Read more