clientAuth="true" How can we set up JTS to accept client certificate login - Active Directory Integrated
We have DOORS NG 6.0 Installed on Windows 2008 R2 running apache tomcat, authentication is integrated into Active Directory, and databases on SQL Server.
The question now is the clientAuth="true" setting in the Tomcat server.xml file to enable client certificate authentication, but how does Apache actually map the certificate back to an Active Directory account?
I know how to do this using IIS 7 Active Directory Client Certificate Mapping - does Apache have a similar service, and how do you set it up?
Erik
2 answers
What you did with IIS7 in the past is exclusively Microsoft. When you put Tomcat into the picture, AD is treated as a standard LDAP server and hence loses all its "magical" features. When you set clientAuth="true" for Tomcat, you effectively configure mutual authentication - the client (browser) requests a certificate from the server (Tomcat), and the server requests a certificate from the client as well. Note that in this case, the client certificate identifies the browser/machine and has no relationship to the LDAP user.
If you want detailed steps on the configuration, check out the links below.
http://stackoverflow.com/questions/27362588/mutual-authentication-with-tomcat-7
http://www.java-notes.com/index.php/two-way-ssl-on-tomcat
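As an added illustration of the mutual-TLS setting discussed in this answer (not part of the original post or of the Jazz product documentation), here is an HTTPS connector for Tomcat's conf/server.xml with clientAuth="true". The port, file paths and passwords are placeholders, and the comments note what Tomcat does and does not do with the client certificate:

```xml
<!-- Added example: HTTPS connector in conf/server.xml with mutual TLS.
     Port, keystore/truststore paths and passwords are placeholders;
     9443 is assumed here, not taken from the question. -->
<Connector port="9443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true"
           sslProtocol="TLS"
           keystoreFile="conf/server.keystore"
           keystorePass="CHANGE_ME"
           keystoreType="JKS"
           truststoreFile="conf/client-ca.truststore"
           truststorePass="CHANGE_ME"
           truststoreType="JKS"
           clientAuth="true" />

<!-- Notes:
     - The truststore should contain only the CA certificate(s) that issue
       client certificates (e.g. the enterprise CA); Tomcat accepts any
       client certificate that chains to a CA in this truststore.
     - clientAuth="true" rejects every TLS handshake on this connector that
       does not present a valid client certificate; clientAuth="want" makes
       the certificate optional instead.
     - Tomcat only validates the certificate chain. The certificate is then
       exposed to the web application as the request attribute
       javax.servlet.request.X509Certificate; Tomcat itself performs no
       lookup of the certificate subject against Active Directory, which is
       the mapping step the question is asking about. -->
```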
DOORS NG, or actually the Jazz Team Server and Tomcat, needs to be configured to use the LDAP functionality of the Active Directory server. In the Knowledge Center you can find details on how to configure this: Managing users by using LDAP on Tomcat
Personally I like to use the interactive installation guide, where you can pick your setup to get detailed instructions.
Comments
Erik Brown
commented Sep 01 '15, 3:05 p.m.
We have the Jazz Team Server Active Directory integrated already. The question is how do we configure the Apache web server for client certificate login? How does Apache map the certificate back to an Active Directory account? Thanks