Custom error page when tomcat authentication fails
Post 302192312 by sebagra on Tuesday 6th of May 2008 05:10:45 PM

Hi people, I have this problem trying to get a custom error page when client authentication fails:

I had successfully configured my Tomcat with client authentication using certificates, and now I would like to redirect the user to a custom error page when authentication fails, but I always get a 400 not found error if this happens.

I already tried to set my error page for the 400 error code in web.xml but I can't get it to work.
Shouldn't the error be 403 (forbidden) when authentication fails?
Somewhere I read that the socket connection is terminated by Tomcat before I can send the user anywhere, and that's why I don't get the redirection.

Here is part of my web.xml... Any idea?
(I entered some blank spaces to be able to show the xml tags)
Thanks in advance.

<login-config>
    <auth-method>CLIENT-CERT</auth-method>
    <realm-name>certificate</realm-name>
</login-config>

<error-page>
    <error-code>400</error-code>
    <location>/static/html/errorcert.html</location>
</error-page>

PS: I also tried the error-page tag in the login-config section with the same results.
 

DACS_AUTOLOGIN_SSL(8)          DACS Web Services Manual          DACS_AUTOLOGIN_SSL(8)

NAME
       dacs_autologin_ssl - use an SSL client certificate to automatically obtain DACS credentials

SYNOPSIS
       dacs_autologin_ssl [dacsoptions[1]]

DESCRIPTION
       This program is part of the DACS suite.

       The dacs_autologin_ssl CGI program, in conjunction with appropriate DACS configuration and a valid SSL client certificate, can be used for user-transparent DACS authentication. A user is not prompted for a username or password, and no user-visible sign-on procedure takes place. At present, the program merely acts as glue to indirectly invoke dacs_authenticate(8)[2].

       Any valid X.509 certificate can be used for this purpose, including a self-signed certificate. Please refer to the OpenSSL[3] documentation for additional information about certificates.

       This program can be used to automatically and transparently authenticate a user that has been issued an SSL client certificate. When an unauthenticated user is denied access to a DACS-wrapped resource, she can be automatically authenticated and redirected back to the resource without any user input or action. This assumes that the client certificate is sent automatically by the browser and that no additional user prompting is needed by the authenticating jurisdiction. For redirection to the original resource to work properly, the original request must have used the GET method.

       Note: The cert style of authentication must be configured when dacs_autologin_ssl is being used as described. See dacs_authenticate(8)[4].

OPTIONS
       Only the standard dacsoptions[1] command line arguments are recognized.

   Web Service Arguments
       dacs_autologin_ssl understands the following CGI arguments.

       DACS_ERROR_URL
           When dacs_autologin_ssl is invoked as a result of DACS event handling, DACS_ERROR_URL is automatically passed to it by dacs_acs(8)[5] and represents the original URL to which access was denied. In typical use, dacs_autologin_ssl is configured as the handler for a dacs_acs 902 error code (NO_AUTH, "Authentication by DACS is required"). dacs_autologin_ssl then invokes dacs_authenticate. If DACS authentication is successful, dacs_authenticate ordinarily issues a browser redirect to the value of DACS_ERROR_URL and a cookie bearing the credentials is set in the browser (but see the NOREDIRECT argument). This argument is optional; if not provided, the jurisdiction's configured post-authentication action will occur.

       NOREDIRECT
           If this optional argument is present (its value is immaterial), dacs_autologin_ssl instructs dacs_authenticate to not issue a browser redirect to the value of DACS_ERROR_URL.

       AUTH_JURISDICTION
           If this optional argument is present, it gives the name of the jurisdiction at which authentication should take place. By default, dacs_authenticate is invoked at the same jurisdiction as dacs_autologin_ssl.

       CERT_NAME_ATTR
           This optional argument explicitly names the attribute in the certificate from which to set USERNAME. The default value is SSL_CLIENT_S_DN_CN. It is an error if the specified attribute name does not exist. Giving the value of CERT_NAME_ATTR as the empty string results in the empty string being passed as the value of USERNAME.

EXAMPLE
       A typical use of dacs_autologin_ssl is to transparently authenticate a user via his SSL client certificate. In the DACS configuration file, dacs.conf, jurisdiction EXAMPLE is configured as follows (this excerpt from a configuration file uses fictitious domain names):

           <Jurisdiction uri="example.com">
           JURISDICTION_NAME "EXAMPLE"
           ACS_ERROR_HANDLER "NO_AUTH https://example.com/cgi-bin/dacs/dacs_autologin_ssl"

           <!-- Authenticate using an SSL certificate. -->
           <Auth id="cert">
           URL "https://example.com/cgi-bin/dacs/local_cert_authenticate"
           STYLE "cert"
           CONTROL "sufficient"
           CERT_CA_PATH "/usr/local/apache2.2/conf/ssl.crt"
           CERT_NAME_ATTR "SSL_CLIENT_S_DN_CN"
           </Auth>
           </Jurisdiction>

       Assume the following access control rule applies to the request:

           <acl_rule status="enabled">
             <services>
               <service url_pattern='/foo.html'/>
             </services>
             <rule order="allow,deny">
               <allow>
                 user("auth")
               </allow>
             </rule>
           </acl_rule>

       The preceding configuration results in the following behaviour. An unauthenticated user accessing foo.html (https://example.com/foo.html) is denied access because the rule governing that web page tests for authentication and no credentials are sent with the request. As a result, the ACS_ERROR_HANDLER[6] directive causes the user to be redirected to dacs_autologin_ssl, which redirects the user to dacs_authenticate, passing arguments as necessary. dacs_authenticate then invokes local_cert_authenticate[4], passing it the client's certificate. The certificate is validated and a username is extracted from it and mapped to a valid DACS username. If authentication succeeds, DACS credentials for the jurisdiction EXAMPLE are generated. These credentials are returned to the browser within a cookie and the browser is redirected to the value of DACS_ERROR_URL (recall that DACS_ERROR_URL was passed to dacs_autologin_ssl by dacs_acs when the 902 handler was invoked and was forwarded to dacs_authenticate). In this example the user is redirected to https://example.com/foo.html. Given the rule above, this time the user's request for foo.html will be granted.

       dacs_autologin_ssl may also be used as the target of an explicit authentication link. For example:

           <a href="https://example.com/cgi-bin/dacs/dacs_autologin_ssl?AUTH_JURISDICTION=EXAMPLE&DACS_ERROR_URL=https://example.com/cgi-bin/dacs/dacs_current_credentials">Login</a>

       Following the link should result in the user being authenticated and redirected to the specified URL.

DIAGNOSTICS
       The program exits 0 if everything was fine, 1 if an error occurred.

SEE ALSO
       dacs_authenticate(8)[2], dacs_acs(8)[5], dacs.conf(5)[7], autologin(8)[8]

AUTHOR
       Distributed Systems Software (www.dss.ca[9])

COPYING
       Copyright 2003-2012 Distributed Systems Software. See the LICENSE[10] file that accompanies the distribution for licensing information.

NOTES
        1. dacsoptions
           http://dacs.dss.ca/man/dacs.1.html#dacsoptions
        2. dacs_authenticate(8)
           http://dacs.dss.ca/man/dacs_authenticate.8.html
        3. OpenSSL
           http://www.openssl.org
        4. dacs_authenticate(8)
           http://dacs.dss.ca/man/dacs_authenticate.8.html#local_cert_authenticate
        5. dacs_acs(8)
           http://dacs.dss.ca/man/dacs_acs.8.html
        6. ACS_ERROR_HANDLER
           http://dacs.dss.ca/man/dacs.conf.5.html#ACS_ERROR_HANDLER
        7. dacs.conf(5)
           http://dacs.dss.ca/man/dacs.conf.5.html
        8. autologin(8)
           http://dacs.dss.ca/man/autologin.8.html
        9. www.dss.ca
           http://www.dss.ca
       10. LICENSE
           http://dacs.dss.ca/man/../misc/LICENSE

DACS 1.4.27b                          10/22/2012                          DACS_AUTOLOGIN_SSL(8)
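The explicit authentication link in the EXAMPLE section places a full URL inside a query string, which only works while that return URL has no query string of its own. The following added example (not part of the DACS distribution or of the original page) builds the link with each argument percent-encoded and shows what a standard query-string parser receives in each case; the helper names and the return URL are hypothetical, and Python's `parse_qs` stands in for the CGI side.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# Endpoint from the man page's fictitious example.com configuration.
AUTOLOGIN = "https://example.com/cgi-bin/dacs/dacs_autologin_ssl"


def autologin_link(return_url, jurisdiction=None, cert_name_attr=None,
                   noredirect=False, endpoint=AUTOLOGIN):
    """Build an explicit authentication link with every argument encoded."""
    target = urlsplit(return_url)
    # Requiring an absolute https URL is this example's policy choice,
    # not a documented DACS requirement.
    if target.scheme != "https" or not target.netloc:
        raise ValueError("DACS_ERROR_URL must be an absolute https URL")
    args = []
    if jurisdiction is not None:
        args.append(("AUTH_JURISDICTION", jurisdiction))
    if cert_name_attr is not None:
        # An empty string is legal: it makes USERNAME the empty string.
        args.append(("CERT_NAME_ATTR", cert_name_attr))
    if noredirect:
        # Only presence matters; the value is immaterial.
        args.append(("NOREDIRECT", "1"))
    args.append(("DACS_ERROR_URL", return_url))
    return endpoint + "?" + urlencode(args)


def naive_link(return_url, jurisdiction, endpoint=AUTOLOGIN):
    """String concatenation in the style of the man page's link."""
    return (endpoint + "?AUTH_JURISDICTION=" + jurisdiction
            + "&DACS_ERROR_URL=" + return_url)


def received_args(link):
    """Arguments as a standard query-string parser would split them."""
    return parse_qs(urlsplit(link).query, keep_blank_values=True)


if __name__ == "__main__":
    # Constructed return URL that carries its own query string.
    url = "https://example.com/report?year=2012&fmt=pdf"
    for link in (naive_link(url, "EXAMPLE"), autologin_link(url, "EXAMPLE")):
        print(link)
        print("  ", received_args(link))
```

With the concatenated link, the return URL is cut at its first `&` and `fmt` arrives as a separate argument; the encoded link delivers the return URL intact.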