Hello,
I am trying to implement a custom client certificate authentication that does
some complicated LDAP lookups in the background and gives an authenticated
value back to the applications via request.getRemoteUser().
Peeking through the jcifs source, I chose to implement a filter. This
works, but I'd like to limit the areas where the Tomcat SSL connector asks
for SSL client authentication.
I configured the connector with clientAuth="false" and tried to force SSL
client authentication within the application's web.xml with:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Zugriffsschutz</web-resource-name>
    <url-pattern>/secure/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>CLIENT-CERT</auth-method>
</login-config>

But this does not make the connector ask for a client certificate. How do I
make the connector ask for it? (clientAuth="true" in the connector's
configuration works, but limits access to all pages to users that have
client certs.)
I'm using Tomcat 5.5.20.
Regards,
Alexander Jung
