users@glassfish.java.net

How to change field used for principal in certificate realm

From: <glassfish_at_javadesktop.org>
Date: Mon, 06 Apr 2009 09:37:15 PDT

I am deploying an application in GlassFish for an environment that uses client certificates for authentication. The only authentication GlassFish needs to do is verify that the client cert is valid against the CA, and set up the Principal object. The web application manages authorization and permissions on its own.

I am able to get certificate authentication working at a simple level in GlassFish, but it sets my user principal to my certificate's DN. The organization in which I'm deploying this uses a value from the alternate name field in the certificate, not the DN, for authorization. In the past we have used Apache as our front end server and were able to use a small script to pull out the alt name and put it in as the username parameter as if it were BASIC authentication.

What is the best approach in GlassFish to make this work? I tried putting a servlet filter in front of the webapp, but I can't change the user Principal from there. I tried creating a custom realm and setting it as the default realm in GlassFish, but my webapp seems to ignore this and still validates the certificate and places the DN in the principal.

Should I be looking into JAAS, JACC, glassfish authentication modules, realms again, what?

Thanks for your help,
John
[Message sent by forum member 'warrior389' (warrior389)]

http://forums.java.net/jive/thread.jspa?messageID=340794
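
An added example, not part of the original post and not GlassFish's own code: a servlet filter that reads the client certificate the container has already validated and exposes a subjectAltName entry to the application through a request wrapper. It assumes the HTTPS listener requires client certificates, that the wanted value is the rfc822Name (type 1) entry, and the class name `SanPrincipalFilter` is hypothetical.

```java
import java.io.IOException;
import java.security.Principal;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import javax.servlet.*;
import javax.servlet.http.*;

public class SanPrincipalFilter implements Filter {
    // GeneralName type 1 = rfc822Name. Assumption: adjust to the SAN type your CA issues.
    private static final int RFC822_NAME = 1;

    /** Returns the first string-valued SAN entry of the given type, or null if none. */
    static String firstSan(X509Certificate cert, int type) throws CertificateParsingException {
        Collection<List<?>> sans = cert.getSubjectAlternativeNames(); // null if extension absent
        if (sans == null) return null;
        for (List<?> entry : sans) {
            // Each entry is [Integer type, String or byte[] value].
            if (((Integer) entry.get(0)).intValue() == type && entry.get(1) instanceof String) {
                return (String) entry.get(1);
            }
        }
        return null;
    }

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Standard servlet attribute: the peer chain from the TLS handshake, leaf first.
        X509Certificate[] certs =
            (X509Certificate[]) req.getAttribute("javax.servlet.request.X509Certificate");
        String name = null;
        try {
            if (certs != null && certs.length > 0) name = firstSan(certs[0], RFC822_NAME);
        } catch (CertificateParsingException e) {
            name = null; // malformed extension: treat as unauthenticated
        }
        if (name == null) { // fail closed instead of silently falling back to the DN
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        final String user = name;
        final Principal principal = new Principal() { public String getName() { return user; } };
        chain.doFilter(new HttpServletRequestWrapper((HttpServletRequest) req) {
            @Override public Principal getUserPrincipal() { return principal; }
            @Override public String getRemoteUser() { return user; }
        }, res);
    }
}
```

The wrapper changes only what code downstream of the filter sees from `getUserPrincipal()` and `getRemoteUser()`; container-managed security constraints and the realm still evaluate the DN-based principal.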