Pete, On Nov 10, 2006, at 1:38 PM, Lucuk, Pete wrote:
So we are currently looking for ways to bridge the gap between the our Jboss web based application on physical server A and the web browser client PCs so that we can perform both... - HTTPS - client certicate A&A I am currently looking at Apache 2.2.3 and its proxy support to bridge the gap. Almost everything I have read tells me that... - I CAN do the HTTPS portion - but that I can NOT do the client certificate A&A portionCan you please confirm the above two assumptions and give some input as why and why not. I need to bring the info to my management and formallydocument it.
There are several ways to do this:1) Use the Apache httpd with mod_proxy to forward HTTP requests in a reverse proxy setup. mod_ssl will perform the SSL handshake, and insert the client-side certificate information into the forwarded requests as custom HTTP request headers. It is then up to your application to parse these headers and extract the identity information.
2) Use Apache with mod_jk. The mod_jk module can forward SSL connection information to the application server, and I believe this includes the client side certificate. This info should then be available in the request objects in the same fashion as when the HTTPS request arrives directly at the application server.
The above is of course a very brief and general description, and adapting this to your specific deployment needs would take work significantly beyond the scope of this list.
Regards, Sander -- sctemme@xxxxxxxxxx http://www.temme.net/sander/ PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
|