[cas-dev] More login flow gotchas
Velpi
velpi at industria.be
Tue Jun 27 09:15:05 EDT 2006
Here's some very interesting information about that:
http://jack.godau.googlepages.com/jbosscertificatesandopenssl
(see 5. Client Configuration)
> - Firefox prompts you to select which cert to send whenever it is
> asked for a client cert.
It's configurable. By default the 1.5 version (Windows at least) checks the list
of trusted issuers and tries to send one that matches without a user prompt. So
the default of Firefox 1.5 has been chosen pretty well, lucky us... (don't know
what happens if there are multiple certs that match)
> - I believe IE prompts as well, but I can't say I'm 100% sure on that
> (having never actually used it).
Note that IE is a party crasher when you set the HTTP connector to
clientAuth="want", as that will pop up the (empty) list for all users not having a
cert, which is most likely the largest group at the moment. That option is also
configurable though:
"Don't prompt for client certificate selection when no certificates or only one
certificate exists"
It's disabled by default. I wonder why MS didn't set that to enabled by default,
ah well...
--Velpi