Salut,
glassfish_at_javadesktop.org wrote:
>> In this case, do not enforce SSL client
>> authentication at the HTTP
>> listener level.
>>
>> Instead, specify CLIENT-CERT as the auth-method in
>> the web.xml of the
>> webapps
>> that require SSL client authentication.
>
> I tried that, unfortunately the CLIENT-CERT auth-method apparently is being ignored.
>
> The server is not asking for a client certificate unless I enforce SSL client authentication at the HTTP
> listener level. This has the side effect of requiring client certificates for all applications accessed via https on port 8181.
>
> My web.xml is listed in my original message, do you see anything wrong with it?
>
If you edit ${glassfish.home}/domains/domain1/config/domain.xml and
search for <http-listener ... port="8181" ..blocking-enabled="false" .../>
and change the blocking-enabled value from false to true, does it work?
If yes, can you file an issue and assign it to .... me ;-)
https://glassfish.dev.java.net/servlets/ProjectIssues
Thanks
-- Jeanfrancois
> Thanks for the suggestion,
> Eraser
> [Message sent by forum member 'eraser' (eraser)]
>
> http://forums.java.net/jive/thread.jspa?messageID=217252
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>