Probably I've to modify my application if there is no other way to send all client certificate info to my application server via proxy reverse.
Actually the web application on WebSphere is using javax.net.ssl.peer_certificates and then it extracts the first OU field.
How can I display the entire content of my request (all the data I send to the application server with the header too)?
I've tried setting Loglevel debug in my webserver configuration file but in my log I cannot recognise such information.
Please let me know
ManuciaoThanks!
Christian Gottschalch <masro@xxxxxxx> 28/12/2006 10.53
Please respond to
users@xxxxxxxxxxxxxxxx
Tousers@xxxxxxxxxxxxxxxx cc SubjectRe: Apache and client certs
if you use Apache Reverse Proxy, then SSL Session will be terminated at
the Reverse Proxy and the SSL Authentication / verification is done by
reverse proxy
to transport some certificate information to your WebSphere can use:
RequestHeader set "HTTP_USER_ID" %{SSL_CLIENT_S_DN_CN}e
The WebSphere Application now can authorize the user based on http
header "HTTP_USER_ID", but your application must be able to.
You also may have a look at
http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#forwardreverse
regards
Manuela.Vorazzo@xxxxxx schrieb:
>
> Hello everyone!
> I've an apache 2.2 WebServer that is working as a reverse proxy for a
> WebSphere application server that is on a separate machine.
>
> Now I have a web application that need an information that is included
> in a client certificate field (OU).
>
> I would like to know if, with apache, is possible to obtain a
> configuration where the webserver requires the client cert but doesn't
> verify it and pass it to the application server that can verify it.
>
> I have such a configuration with IBM http Server. Here there is a
> directive in the http server configuration file that let you specify
> "passthrough" value for client cert.
>
>
> Please let me know!
>
> Thanks in advance
>
> Manuela Vorazzo
>
> \
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx