Tomcat clientAuth=want

 
Greenhorn
Posts: 2
Hi,

My setup is:
OS = CentOS 7.4
Tomcat 9
Java 8
optional docker.


I am new to Tomcat. I am experiencing different behavior when installing Tomcat as a docker container and when it is a normal install. I would like to use a certificate for authentication, but there is an issue when using clientAuth=want that I cannot understand.

If I use tomcat in a docker container and I set clientAuth=want, then I am prompted for a certificate.

If I use a regular installation of tomcat and I set clientAuth=want, then I am not prompted for a certificate.

My question is, why do I not get the certificate prompt when a regular install is used? Am I missing something?

 
Saloon Keeper
Posts: 20510
Welcome to the Ranch, Ruben!

I'm not a big fan of client-side web authorization. If the client machine gets stolen, then the thief gets the keys to your account as a free bonus. If the client machine gets broken, any replacement machine isn't going to come with the required client cert.

Still, there's a use for almost everything.

And there's absolutely no reason I can think of why Tomcat's security system should be caring whether Tomcat is containerized or not. Certainly it never made a difference for me.

About the best guess I can make is that you might be losing any changes made to your Tomcat container if you do a cold restart of the container, since unless you create and save and then start a new image, a cold start loses all changes made from the last container run.
 
Ruben Tos
Greenhorn
Posts: 2
Hi Tim,

I would like for the user to get prompted to select a certificate whenever the user browses to the Tomcat server (see attachment).
Can you please let me know what I need to do in Tomcat to make that possible? I thought that this only requires the clientAuth setting to be set to "want" and server usage of https.

Thanks,

[Attachment: selectcert.JPG (chrome select cert)]
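
Added example, not part of the original thread: a browser can only show the certificate picker if the server sends a TLS CertificateRequest, so the two installs can be compared by classifying the output of `openssl s_client -msg` against each. The host name, port and sample transcripts below are constructed for illustration.

```shell
#!/bin/sh
# Classify whether a TLS server asked for a client certificate, based on
# the text printed by `openssl s_client -msg`.
# Live use (host and port are placeholders, an assumption of this example):
#   openssl s_client -connect tomcat.example.test:8443 -msg </dev/null 2>&1 \
#     | classify_handshake

classify_handshake() {
    # Reads s_client output on stdin and prints one verdict word.
    awk '
        /^<<< .*CertificateRequest/               { requested = 1 }
        /^Acceptable client certificate CA names/ { names = 1 }
        END {
            if (!requested) print "not-requested"
            else if (names) print "requested-with-ca-names"
            else            print "requested-empty-ca-list"
        }'
}

# Constructed sample: server with client auth set to "want" and a truststore.
sample_want() { cat <<'EOF'
<<< TLS 1.2, Handshake [length 0059], ServerHello
<<< TLS 1.2, Handshake [length 0360], Certificate
<<< TLS 1.2, Handshake [length 014d], ServerKeyExchange
<<< TLS 1.2, Handshake [length 0042], CertificateRequest
<<< TLS 1.2, Handshake [length 0004], ServerHelloDone
---
Acceptable client certificate CA names
CN = Example Test CA
---
EOF
}

# Constructed sample: server that never asks for a client certificate.
sample_none() { cat <<'EOF'
<<< TLS 1.2, Handshake [length 0059], ServerHello
<<< TLS 1.2, Handshake [length 0360], Certificate
<<< TLS 1.2, Handshake [length 014d], ServerKeyExchange
<<< TLS 1.2, Handshake [length 0004], ServerHelloDone
---
No client certificate CA names sent
---
EOF
}

for s in sample_want sample_none; do
    printf '%s: %s\n' "$s" "$($s | classify_handshake)"
done
```

A `not-requested` verdict on the regular install means the HTTPS connector actually serving that port is not asking for a certificate, so its live `server.xml` should be compared with the container's. With `requested-with-ca-names`, browsers generally show the picker only when they hold a certificate issued by one of the listed CAs.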
 