ssl - Tomcat does not prompt certificate for web application (OpenAM) -


i have been trouble shooting set of openam while, still not make work wanted. wanted openam able to ocsp validate authenticating user through own copy of ejbca. therefore, need tomcat prompt user certificate , pass openam. visiting openam https fine, , user can login using password (root realm in openam). however, tomcat not prompt user certificate when visiting realm designed certificate login (a sub-realm in openam require certificate). has thought on it? here fragment of server.xml of tomcat configuration related ssl:

    <connector port="8181" protocol="http/1.1"            connectiontimeout="20000"            redirectport="8445" />     <connector port="8445" protocol="http/1.1" sslenabled="true"            maxthreads="150" scheme="https" secure="true"            keystorefile="/opt/sso/apache-tomcat-7.0.52/conf/keystore"            keystorepass="password"            truststorefile="/opt/sso/apache-tomcat-7.0.52/conf/keystore"            truststorepass="password"            clientauth="want" sslprotocol="tls" />

there no change web.xml file in case. thanks.

here output of openssl s_client -connect fqdn:8445 per bernhard's suggestion

connected(00000003) depth=1 cn = leopardrootca verify error:num=19:self signed certificate in certificate chain verify return:0 --- certificate chain  0 s:/cn=ncw01271123114/ou=ouname/o=o-name/l=j/st=a/c=us    i:/cn=leopardrootca  1 s:/cn=leopardrootca    i:/cn=leopardrootca --- server certificate -----begin certificate----- miidlzccawc--too_long_too_show -----end certificate----- subject=/cn=ncw01271123114/ou=ouname/o=o-name/l=j/st=a/c=us issuer=/cn=leopardrootca --- acceptable client certificate ca names /cn=leopardrootca /cn=ncw0127114/ou=ouname/o=o-name/l=j/st=a/c=us --- ssl handshake has read 2097 bytes , written 403 bytes --- new, tlsv1/sslv3, cipher dhe-dss-aes256-sha server public key 1024 bit secure renegotiation supported compression: none expansion: none ssl-session:     protocol  : tlsv1     cipher    : dhe-dss-aes256-sha     session-id: 53309aa15c218f41330c077476a3bdae352cafd84a503a281ea09ae884ba73d9     session-id-ctx:      master-key: ef5016a9d8236a704313720fc2e1a1b9fac47a744f6a9b53e80bbef8d1141476e050a71f3c50498abee1f790a2d76891     key-arg   : none     psk identity: none     psk identity hint: none     srp username: none     start time: 1395694241     timeout   : 300 (sec)     verify return code: 19 (self signed certificate in certificate chain)

as can see following handshake message

acceptable client certificate ca names /cn=leopardrootca /cn=ncw0127114/ou=ouname/o=o-name/l=j/st=a/c=us

tomcat asking client certificates , accepts certificates issued 1 of certificate authorities.


Comments

Post a Comment

Popular posts from this blog

android - Get AccessToken using signpost OAuth without opening a browser (Two legged Oauth) -

i using signpost oauth access data magento server. have read various tutorials on same , reach point open browser user can enter credentials. however, per requirement have automate part. hence, user should not browser page. have set-up done on server side ( magento ), hit url , returned call page. same through program in android. i have tried below, consumer = new commonshttpoauthconsumer(key, secret); provider = new commonshttpoauthprovider(oauth_init_url,access_token_url, authorize_url); try { provider.retrieverequesttoken(consumer, oauth.out_of_band); log.d("tokens" , consumer.gettoken() + " -- " + consumer.gettokensecret()); } and request tokens. dont know how bypass next step. tried directly accessing accesstoken (stupid of me) provider.retrieveaccesstoken(consumer, "mycallback://callback"); no luck, ends in oauth.signpost.exception.oauthnotauthorizedexception: authorization failed (server replied 401). ...
Read more

org.mockito.exceptions.misusing.InvalidUseOfMatchersException: mockito -

getting error org.mockito.exceptions.misusing.invaliduseofmatchersexception: invalid use of argument matchers! 1 matchers expected, 2 recorded. exception may occur if matchers combined raw values: //incorrect: somemethod(anyobject(), "raw string"); when using matchers, arguments have provided matchers. example: //correct: somemethod(anyobject(), eq("string matcher")); at when( getprogramservice .callservice(any(getprogramtype.class))) .thenreturn(jaxbresponse); please explain error , possible resolution the code posted looks fine; don't see problem it. code before or above causing exception. key here: invalid use of argument matchers! 1 matchers expected, 2 recorded. any , used above, doesn't return "special kind of null" or "special kind of getprogramtype"; don't exist. instead, returns null , side effect puts matcher on stack. whe...
Read more

google shop client API returns 400 bad request error while adding an item -

i'm working on solution add items in google shopping market java application. following tutorial real mess because of missing classes of laste release, after setting 1.5-beta maven managed make base example typecheck correctly classes. still can make simple task of adding 1 item. instead of posting whole code i'm posting part creates product feed. private product createproduct(string id) { product product = new product(); product.title = "red wool sweater"; product.content = new content( "text", "comfortable , soft, sweater keep warm on " + "cold winter nights. red , blue stripes."); product.appcontrol = new appcontrol(); product.appcontrol.addrequireddestination("productads"); product.externalid = id; product.lang = "it"; product.country = "it"; product.condition = "nuovo"; product.price = new price("eu...
Read more