I have a requirement as follows:
1) User goes to a url on https port 8443. This screen will have a login section.
2) Clicking on a link in the login section should invoke the ssl handshake process.
3) The popup with a list of certificates installed is shown.
4) User chooses the certificate and ssl is estabilished for all other screens that the user will be visiting in the application.
If I make clientAuth = "true" in the server.xml, the user is unable to reach the login page. I believe that the connector configuration is active on the port for all applications/resources deployed and exposed through 8443. I cannot exclude URIs or links to bypass the ssl handshake for one of the screens.
Is there a way I can make the user reach the login page unsecured and then trigger mutual ssl for subsequent clicks on the same port.
I must use only one port 8443.
Please help. Thanks in advance.
Anyone help please?
To make the question simpler:
How to make the some of the applications in JBOSS to be mutually ssl and the others one-way on the same port ?