Authenticate user with Smart Card and LDAP in Tomcat 7


Problem description

I have a web application running on Tomcat 7 and it is configured with a custom JNDIRealm and my login-config auth-method in my web.xml is set to "FORM".

I am trying to find a way to add the ability to authenticate users through the same LDAP with a smart card, if presented.

I have changed my server.xml to have clientAuth=want, but want to know if there is a way to authenticate the user when a certificate is presented via the LDAP and then re-direct them past the login form. Is this possible?

Edit: Michael-O below was marked as the right answer because I was able to achieve this by creating a custom class that extends FormAuthenticator and then registering that in Tomcat's authenticator.properties. This allowed me to check for an x509cert from the client in the request. If the cert is present and valid, authenticate and forward the user to the secured resources page. If not present or invalid, forward the user to the form login.

Recommended answer

You obviously do not know what you want or what technologies you are actually using. Smartcard authentication is mutual SSL authentication. So you first need to configure Tomcat to accept SSL-based authentication. Your realm will receive the X509 certs and will try to find your DN in your data store. The store can be anything: database, files, directory, etc.
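A sketch of the approach the asker's edit describes (certificate first, form login as fallback), added here as an example; it is not the asker's or Tomcat's own code. The package and class names are hypothetical, and it assumes the Tomcat 7 API and a realm whose certificate-based `authenticate` method maps the certificate subject to an LDAP user.

```java
package com.example.auth; // hypothetical package

import java.io.IOException;
import java.security.Principal;
import java.security.cert.X509Certificate;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.authenticator.FormAuthenticator;
import org.apache.catalina.connector.Request;
import org.apache.catalina.deploy.LoginConfig; // Tomcat 7 location of LoginConfig

/** Hypothetical authenticator: client certificate first, FORM login as fallback. */
public class CertOrFormAuthenticator extends FormAuthenticator {

    // Servlet-spec request attribute that carries the client certificate chain.
    private static final String CERT_ATTR = "javax.servlet.request.X509Certificate";

    @Override
    public boolean authenticate(Request request, HttpServletResponse response,
                                LoginConfig config) throws IOException {
        // Only try the certificate when no principal is cached for this request;
        // an existing FORM or certificate session goes straight to the parent logic.
        if (request.getUserPrincipal() == null) {
            X509Certificate[] chain =
                    (X509Certificate[]) request.getAttribute(CERT_ATTR);
            if (chain != null && chain.length > 0) {
                // The connector's trust store decided whether the chain is trusted;
                // the realm decides whether its subject maps to a known user.
                // A null result means "no such user", so fall through to the form.
                Principal principal = context.getRealm().authenticate(chain);
                if (principal != null) {
                    // Bind the principal to the request and session; no password
                    // is involved, so username and password are passed as null.
                    register(request, response, principal,
                            HttpServletRequest.CLIENT_CERT_AUTH, null, null);
                    return true;
                }
            }
        }
        // No certificate, or the realm rejected it: standard FORM login flow.
        return super.authenticate(request, response, config);
    }
}
```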
