Diffstat (limited to 'base/kra/shared')
-rw-r--r-- | base/kra/shared/conf/server.xml | 45 | ||||
-rw-r--r-- | base/kra/shared/webapps/kra/WEB-INF/web.xml | 4 |
2 files changed, 3 insertions, 46 deletions
diff --git a/base/kra/shared/conf/server.xml b/base/kra/shared/conf/server.xml
index 96e396b72..54ba3272b 100644
--- a/base/kra/shared/conf/server.xml
+++ b/base/kra/shared/conf/server.xml
@@ -235,51 +235,8 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) resourceName="UserDatabase"/> --> - <!-- Custom PKIJNDI realm - - Example: - - <Realm className="com.netscape.cmscore.realm.PKIJNDIRealm" : classpath to realm - connectionURL="ldap://localhost:389" : standard JNDI connection URL - userBase="ou=people,dc=localhost-pki-kra" : standard JNDI userBase property - userSearch="(description={0})" : Attribute to search for user of incoming client auth certificate - : Use userSearch="(UID={0})" if wanting to search isolate user based on UID - : Also set the following: certUIDLabel="UID" or whatever the field containing - : the user's UID happens to be. This will cause the incoming's cert dn to be - : be searched for <certUIDLabel>=<uid value> - - certAttrName="userCertificate" : Attribute containing user's client auth certificate - roleBase="ou=groups,dc=localhost-pki-kra" : Standard JNDI search base for roles or groups - roleName="cn" : Standard attribute name containg roles or groups - roleSubtree="true" : Standard JNDI roleSubtree property - roleSearch="(uniqueMember={0})" : How to search for a user in a specific role or group - connectionName="cn=Directory Manager" : Connection name, needs elevated privileges - connectionPassword="secret123" : Password for elevated user - aclBase ="cn=aclResources,dc=localhost-pki-kra" : Custom base location of PKI ACL's in directory - aclAttrName="resourceACLS" : Name of attribute containing PKI ACL's - /> - - Uncomment and customize below to activate Realm. - Also umcomment Security Constraints and login config values - in WEB-INF/web.xml as well. 
- --> - <!-- - <Realm className="com.netscape.cmscore.realm.PKIJNDIRealm" - connectionURL="ldap://localhost:389" - userBase="ou=people,dc=localhost-pki-kra" - userSearch="(description={0})" - certAttrName="userCertificate" - roleBase="ou=groups,dc=localhost-pki-kra" - roleName="cn" - roleSubtree="true" - roleSearch="(uniqueMember={0})" - connectionName="cn=Directory Manager" - connectionPassword="netscape" - aclBase ="cn=aclResources,dc=localhost-pki-kra" - aclAttrName="resourceACLS" - /> - + <Realm className="com.netscape.cmscore.realm.PKIRealm" /> --> <!-- Define the default virtual host diff --git a/base/kra/shared/webapps/kra/WEB-INF/web.xml b/base/kra/shared/webapps/kra/WEB-INF/web.xml index 273ca1fa4..7b4072085 100644 --- a/base/kra/shared/webapps/kra/WEB-INF/web.xml +++ b/base/kra/shared/webapps/kra/WEB-INF/web.xml @@ -1010,13 +1010,13 @@ <!-- Customized SSL Client auth login config - uncomment to activate PKIJNDI realm as in conf/server.xml + uncomment to activate PKI realm as in conf/server.xml --> <!-- <login-config> - <realm-name>PKIJNDIRealm</realm-name> + <realm-name>PKIRealm</realm-name> <auth-method>CLIENT-CERT</auth-method> <realm-name>Client Cert Protected Area</realm-name> </login-config> |
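Review bot: The new `<Realm className="com.netscape.cmscore.realm.PKIRealm" />` line carries no activation guidance, whereas the removed block told the administrator to also uncomment the security constraints and login config in WEB-INF/web.xml. From the collapsed hunk the element appears to stay inside a `<!-- ... -->` block, so I would add a plain-text line above it inside that comment, such as `Uncomment to activate PKIRealm; also uncomment the security constraints and login-config in WEB-INF/web.xml.` Without it, someone may enable the realm and leave the constraints commented out, in which case the realm likely protects nothing. It would also help to say where PKIRealm reads its directory connection and ACL settings now that the attributes are gone; that is not visible in this hunk.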
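Review bot: The renamed `<realm-name>PKIRealm</realm-name>` line still sits before `<auth-method>` and is followed by a second `<realm-name>Client Cert Protected Area</realm-name>`, so the commented-out `<login-config>` holds two realm names. The servlet deployment descriptor schema allows a single `<realm-name>`, placed after `<auth-method>`, so uncommenting the block as written can fail validation or leave it unclear which name applies. I would keep one entry: `<auth-method>CLIENT-CERT</auth-method>` followed by `<realm-name>PKIRealm</realm-name>`. The comment holding this block opens and closes inside the hunk, but the rest of the descriptor is outside it.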