I'm developing a web application using JBoss 6.1.
One of the system requirements is that the user should be authenticated through a digital certificate. With that in mind, I've set my JBoss to use https:// with the SSL3 protocol, created a server certificate with a reference to a CA certificate, and set the property "verify-client=false".
After that, I've changed my web.xml to request the client's certificate on /LoginByCert.
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>secured</web-resource-name>
            <url-pattern>/LoginByCert</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>*</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <login-config>
        <auth-method>CLIENT-CERT</auth-method>
    </login-config>
But when I access https://localhost:443/MyApp/LoginByCert, my JBoss is throwing an exception:
Exception getting SSL attributes: java.net.SocketException: Socket Closed
and the client's web browser asks for its certificates. Once the client chooses a certificate, it displays the error message:
Status 401 - JBWEB000010: Cannot authenticate with the provided credentials
Can someone help me? Thank you for your time.