-
1. Re: Mixed authentication methods (Client-cert and form) in Seam
kapitanpetko Jan 9, 2010 4:48 AM (in response to miguelandresyb)
Probably not. If you require client authentication and that fails you simply don't get an HTTP connection, so no chance to do form auth. Probably not a good idea too: client auth and form auth are very different security levels. Probably best to partition your site and require client auth only when needed.
That said, maybe there is a setting in Apache to redirect you somewhere if client auth fails, but at least I don't know it. Try the Apache reference.
HTH
-
2. Re: Mixed authentication methods (Client-cert and form) in Seam
miguelandresyb Jan 13, 2010 12:14 AM (in response to miguelandresyb)
I understand that, I had already thought of that... However our client requires the possibility of client authentication.
So I had been thinking (dunno if this is possible) that maybe I could have two wars in my ear, one which is just used for client authentication, and that depending on authentication results it redirects to the login page in the other war (if authentication failed), or the home page in the other war (as a logged in user). However, I'm not sure that it's possible to redirect to another war keeping session information (in fact, I don't even know how to redirect to a view in another war, is that possible at all?)
-
3. Re: Mixed authentication methods (Client-cert and form) in Seam
kukeltje.ronald.jbpm.org Jan 13, 2010 12:31 AM (in response to miguelandresyb)
Separate the authentication from the application. Use e.g. http://community.jboss.org/wiki/JBossSeamsupportforWebBrowserSSOProfile
Then you should be able to configure the authentication server to accept both forms of authentication.
-
4. Re: Mixed authentication methods (Client-cert and form) in Seam
kapitanpetko Jan 13, 2010 5:09 AM (in response to miguelandresyb)
Ronald van Kuijk wrote on Jan 13, 2010 00:31:
Separate the authentication from the application. Use e.g. http://community.jboss.org/wiki/JBossSeamsupportforWebBrowserSSOProfile

Didn't know about this one. Haven't tried it, but if it is that easy to integrate SAML2, should do it. Don't know what JBoss Identity supports but if you require auth level PasswordProtectedTransport should do it (X509 is a higher auth level).
Miguel: do post how it worked out, should be interesting.