author | Endi Sukma Dewata <edewata@redhat.com> | 2012-07-26 20:40:08 -0500 |
---|---|---|
committer | Endi Sukma Dewata <edewata@redhat.com> | 2012-08-03 17:07:20 -0500 |
commit | 9ca367e9c16273af11909f4c72f9c5cf5ddb0b4d (patch) | |
tree | d6ea91b97102cb948b7c767c08e96f50951aa720 /base/common | |
parent | eca4d635e67eaf3c6878d35acfaaf11df53151e2 (diff) | |
Enabled SSL authenticator and PKI realm.
The SSL connection has been configured with clientAuth="want" so
users can choose whether to provide a client certificate or username
and password. The authentication and authorization will be handled
by the SSL authenticator with fallback and PKI realm. New access
control rules have been added for users, groups, and certs REST
services.
Ticket #107
Diffstat (limited to 'base/common')
-rw-r--r-- | base/common/shared/conf/context.xml | 4 | ||||
-rw-r--r-- | base/common/shared/conf/server.xml | 3 |
2 files changed, 5 insertions, 2 deletions
diff --git a/base/common/shared/conf/context.xml b/base/common/shared/conf/context.xml
index 4b00dbe3c..b28f1bd20 100644
--- a/base/common/shared/conf/context.xml
+++ b/base/common/shared/conf/context.xml
@@ -39,4 +39,8 @@
 <Valve className="org.apache.catalina.valves.CometConnectionManagerValve" />
 -->
+ <Valve className="com.netscape.cmscore.realm.SSLAuthenticatorWithFallback" />
+
+ <Realm className="com.netscape.cmscore.realm.PKIRealm" />
+
 </Context>
diff --git a/base/common/shared/conf/server.xml b/base/common/shared/conf/server.xml
index d3c781a6b..596b7e356 100644
--- a/base/common/shared/conf/server.xml
+++ b/base/common/shared/conf/server.xml
@@ -117,7 +117,7 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown)
 -->
 [PKI_UNSECURE_PORT_SERVER_COMMENT]
- <Connector name="[PKI_UNSECURE_PORT_CONNECTOR_NAME]" port="[PKI_UNSECURE_PORT]" protocol="HTTP/1.1" redirectPort="8443"
+ <Connector name="[PKI_UNSECURE_PORT_CONNECTOR_NAME]" port="[PKI_UNSECURE_PORT]" protocol="HTTP/1.1" redirectPort="[PKI_SECURE_PORT]"
 maxHttpHeaderSize="8192" acceptCount="100" maxThreads="150" minSpareThreads="25" enableLookups="false" connectionTimeout="20000" disableUploadTimeout="true"
@@ -186,7 +186,6 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown)
 ocspTimeout="10"
 strictCiphers="false"
 clientAuth="[PKI_AGENT_CLIENTAUTH]"
- clientauth="[PKI_AGENT_CLIENTAUTH]"
 sslOptions="[TOMCAT_SSL_OPTIONS]"
 ssl2Ciphers="[TOMCAT_SSL2_CIPHERS]"
 ssl3Ciphers="[TOMCAT_SSL3_CIPHERS]" |
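Review bot: The new `SSLAuthenticatorWithFallback` valve and `PKIRealm` in the shared `context.xml` carry no comment on the connector setting they depend on. The commit message says the fallback design relies on clientAuth="want", but in server.xml that value comes from the `[PKI_AGENT_CLIENTAUTH]` placeholder, whose substitution is not visible in this diff. If it resolved to a value that never requests a certificate, the certificate path would presumably never run and every user would fall through to password authentication. I would add above the valve `<!-- Requires clientAuth="want" on the secure connector: client certificate first, username/password only as fallback -->`. Since this is the shared context template, it is also worth confirming that every web application deployed from it is meant to authenticate against PKIRealm.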
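Review bot: `redirectPort="[PKI_SECURE_PORT]"` on the unsecure connector in the first server.xml hunk only redirects requests that match a security constraint with a CONFIDENTIAL transport guarantee; other requests are still served over plain HTTP. With username/password now accepted as a fallback, the users, groups and certs REST rules mentioned in the commit message should declare that guarantee so credentials are never sent in clear on `[PKI_UNSECURE_PORT]`. Those rules are outside this diff, so this needs confirming. A comment above the connector would record the dependency, e.g. `<!-- redirectPort applies only to CONFIDENTIAL constraints; REST services with password fallback must declare one -->`. The Connector element continues past the end of the hunk.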