Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

clientAuth="true": How can we set up JTS to accept client certificate login - Active Directory Integrated

We have DOORS NG 6.0 installed on Windows 2008 R2 running Apache Tomcat; authentication is integrated into Active Directory, and the databases are on SQL Server.

The question now is about the clientAuth="true" setting in the Tomcat server.xml file to enable client certificate authentication: how does Apache actually map the certificate back to an Active Directory account?

I know how to do this using IIS 7 Active Directory Client Certificate Mapping - does Apache have a similar service, and how do you set this up?

Erik

0 votes



2 answers

What you did with IIS7 in the past is exclusively Microsoft. When you put Tomcat into the picture, AD is treated as a standard LDAP server and hence loses all its "magical" features. When you set "clientAuth=true" for Tomcat, you effectively configure mutual authentication - the client (browser) requests a certificate from the server (Tomcat), and the server requests a certificate from the client as well. Note that in this case, the client certificate identifies the browser/machine and has no relationship to the LDAP user.

If you want detailed steps on the configuration, check out the links below.
http://stackoverflow.com/questions/27362588/mutual-authentication-with-tomcat-7
http://www.java-notes.com/index.php/two-way-ssl-on-tomcat

1 vote


DOORS NG, or actually the Jazz Team Server & Tomcat, needs to be configured to use the LDAP functionality from the Active Directory server. Here in the Knowledge Center you can find details on how to configure this: Managing users by using LDAP on Tomcat

Personally I like to use the interactive installation guide where you can pick your setup to get detailed instructions.


0 votes

Comments

We have the Jazz Team Server Active Directory Integrated already.

The question is how do we configure the Apache Web Server for client certificate login? How does Apache map the certificate back to an Active Directory account?

Thanks 
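On the mapping question raised in this thread, an added example (not from the posts above, and not Tomcat or Jazz code): one way a certificate's subject could be resolved to an AD account, assuming the subject CN holds the user's `sAMAccountName`. The function names and sample DNs are constructed for illustration; the CN is escaped before it goes into the LDAP filter because its content is controlled by whoever requested the certificate.

```python
import re

# RFC 4515: characters that must be escaped inside an LDAP filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def parse_dn(dn):
    """Split an RFC 4514 DN string into (type, value) pairs, honouring escapes.
    Multi-valued RDNs joined with '+' are not split (kept as one value)."""
    rdns, buf, i = [], bytearray(), 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            pair = dn[i + 1:i + 3]
            if re.fullmatch(r"[0-9A-Fa-f]{2}", pair):  # hex pair such as \2C
                buf.append(int(pair, 16))
                i += 3
            else:                                       # escaped literal such as \,
                buf += dn[i + 1].encode()
                i += 2
        elif ch == ",":                                 # unescaped comma ends an RDN
            rdns.append(buf.decode())
            buf = bytearray()
            i += 1
        else:
            buf += ch.encode()
            i += 1
    rdns.append(buf.decode())
    return [tuple(p.strip() for p in rdn.split("=", 1)) for rdn in rdns if "=" in rdn]


def escape_filter_value(value):
    """Escape a value so it can only ever match literally in a search filter."""
    return "".join(_FILTER_ESCAPES.get(c, c) for c in value)


def ad_filter_for_subject(subject_dn, attribute="sAMAccountName"):
    """Build the AD lookup filter for the certificate's first (most specific) CN."""
    cns = [v for t, v in parse_dn(subject_dn) if t.upper() == "CN"]
    if not cns or not cns[0]:
        raise ValueError("certificate subject has no CN to map")
    return "(&(objectClass=user)({}={}))".format(attribute, escape_filter_value(cns[0]))


if __name__ == "__main__":
    # Constructed sample subjects, not taken from any real certificate.
    for subject in ("CN=erik,OU=Users,DC=corp,DC=example",
                    "CN=Build (CI) *,O=Example"):
        print(subject, "->", ad_filter_for_subject(subject))
```

The resulting filter would be used in a search under the directory's user base, and the login should be rejected unless exactly one entry matches.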

Question details

Question asked: Sep 01 '15, 10:01 a.m.

Question was seen: 4,238 times

Last updated: Sep 02 '15, 12:53 a.m.
