users@glassfish.java.net

Using LDAP for HTTPS Client Authentication

From: <glassfish_at_javadesktop.org>
Date: Sun, 01 Mar 2009 08:04:35 PST

Hi

I understand that Glassfish V2 provides LDAP authentication (using the LDAP realm) and SSL client authentication using X.509 certificates (by setting <login-config><auth-method>CLIENT-CERT</auth-method></login-config> in the webapp web.xml). The latter requires storing the client certificates in a keystore file, which the Glassfish domain has access to.

We want users to log into the webapp using their X.509 certificates. But fumbling around with a keystore does not scale when you have >> 1k users.

Is there a way to let Glassfish consider, for SSL client authentication, certificates which are stored in an LDAP directory (i.e. in the usercertificate (binary) attribute of the inetOrgPerson objectclass)?

Thanks for your help.
[Message sent by forum member 'igormetz' (igormetz)]

http://forums.java.net/jive/thread.jspa?messageID=334458