Tomcat 7 JSS does not read the clientAuth setting correctly from server.xml.
The code JSSSocketFactory.java:405-407 will always produce a null value.
// MUST look for "clientauth" (ALL lowercase) since "clientAuth"
// (camel case) has already been processed by Tomcat 7
String clientAuthStr = (String)endpoint.getAttribute("clientauth");
The correct way should be:
String clientAuthStr = endpoint.getClientAuth();
Note that this change will have a side effect. Previously when a user opens the EE page via SSL the server will not prompt for the client certificate. After fixing this the server will prompt for client certificate since the clientAuth is set to "want".
This issue was migrated from Pagure Issue #299. Originally filed by edewata (@edewata) on 2012-08-16 22:44:28:
Tomcat 7 JSS does not read the clientAuth setting correctly from server.xml.
The code JSSSocketFactory.java:405-407 will always produce a null value.
The correct way should be:
Note that this change will have a side effect. Previously when a user opens the EE page via SSL the server will not prompt for the client certificate. After fixing this the server will prompt for client certificate since the clientAuth is set to "want".