"Sathya`" wrote in message
news:3f840221$1@newsgroups.bea.com...
> Hi,
>
> I am using CLIENT-CERT auth-method in my web.xml to activate
IdentityAsserter. So the cookie can transfer from web server to app
server(perimeter authentication).
>
> After implement this I am not able to access the resources directly which
are protected. Because CLIENT-CERT expects user credientials from out side
the server(perimeter authentication).
>
> Could some one tells me how to go about this to work in both
condition(BASIC as well as CLIENT-CERT).
>
> is web container supports to use Hybrid Authentication mechanism (BASIC,
FORM, CLIENT-CERT)?
>
> early reply will be good.
>

We have an enhancement cr to separate identity assertion from client-cert
and allow it to work with
any of the authentication options. If identity tokens are present, then
identity assertion would occur. If
not, then the configured authentication (basic, form, etc.) would occur.

Until that is present, you may be able to use the assertIdentity public api
(I think it is available in 8.1 sp2, 7.0 sp5) and call that if identity
assertion tokens are present and then do a runAs with the returned subject.

Hi,

Thanks for the reply. I have the same issue.
When will this enhancement be available? (Hopefully soon)

Kai

"Peter" wrote:
>
>"Sathya`" wrote in message
>news:3f840221$1@newsgroups.bea.com...
>> Hi,
>>
>> I am using CLIENT-CERT auth-method in my web.xml to activate
>IdentityAsserter. So the cookie can transfer from web server to app
>server(perimeter authentication).
>>
>> After implement this I am not able to access the resources directly
>which
>are protected. Because CLIENT-CERT expects user credientials from out
>side
>the server(perimeter authentication).
>>
>> Could some one tells me how to go about this to work in both
>condition(BASIC as well as CLIENT-CERT).
>>
>> is web container supports to use Hybrid Authentication mechanism (BASIC,
>FORM, CLIENT-CERT)?
>>
>> early reply will be good.
>>
>
>We have an enhancement cr to separate identity assertion from client-cert
>and allow it to work with
>any of the authentication options. If identity tokens are present, then
>identity assertion would occur. If
>not, then the configured authentication (basic, form, etc.) would occur.
>
>Until that is present, you may be able to use the assertIdentity public
>api
>(I think it is available in 8.1 sp2, 7.0 sp5) and call that if identity
>assertion tokens are present and then do a runAs with the returned subject.
>
>
>

"Kai" wrote in message news:3f8c10c2$1@newsgroups.bea.com...
>
> Hi,
>
> Thanks for the reply. I have the same issue.
> When will this enhancement be available? (Hopefully soon)
>

I assume next version but the servlet container group owns the CR so I am
not sure - CR is CR122841

Thanks a lot Peter.

- Sathya.
"Peter" wrote:
>
>"Sathya`" wrote in message
>news:3f840221$1@newsgroups.bea.com...
>> Hi,
>>
>> I am using CLIENT-CERT auth-method in my web.xml to activate
>IdentityAsserter. So the cookie can transfer from web server to app
>server(perimeter authentication).
>>
>> After implement this I am not able to access the resources directly
>which
>are protected. Because CLIENT-CERT expects user credientials from out
>side
>the server(perimeter authentication).
>>
>> Could some one tells me how to go about this to work in both
>condition(BASIC as well as CLIENT-CERT).
>>
>> is web container supports to use Hybrid Authentication mechanism (BASIC,
>FORM, CLIENT-CERT)?
>>
>> early reply will be good.
>>
>
>We have an enhancement cr to separate identity assertion from client-cert
>and allow it to work with
>any of the authentication options. If identity tokens are present, then
>identity assertion would occur. If
>not, then the configured authentication (basic, form, etc.) would occur.
>
>Until that is present, you may be able to use the assertIdentity public
>api
>(I think it is available in 8.1 sp2, 7.0 sp5) and call that if identity
>assertion tokens are present and then do a runAs with the returned subject.
>
>
>