Hi all
I have a Tomcat 5.5 server which is correctly configured for SSL.
I set up mutual SSL authentication, following this tutorial : [http://www.vorburger.ch/blog1/2006/08/setting-up-two-way-mutual-ssl-with.html] and it works fine.
The problem is that I have to add in "tomcat-users.xml" file a user with the "dname" of each client certificate, like this :
<role rolename="wsrole"/>
<user username="CN=toto, OU=xxx, O=yyy, L=zzz, ST=idf, C=fr" password="null" roles="wsrole"/>
and the specified role is used in the web.xml, like this :
<security-constraint>
<web-resource-collection>
<web-resource-name>Secure Area</web-resource-name>
<url-pattern>/</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>wsrole</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>CLIENT-CERT</auth-method>
</login-config>
<security-role>
<role-name>wsrole</role-name>
</security-role>
If the username corresponding to the "dname" of client certificate is not in "tomcat-users.xml" file, I get an HTTP 401 error.
It's embarrassing because there may be a lot of users, each with its own certificate, and I don't want to have to add all users in "tomcat-users.xml".
Is there a way to do this ?
Thx in advance.