Paul Ilechko 2006-01-29, 9:47 pm
vivek_manglani@yahoo.com wrote:
> We have an environment here where we are using IIS 5.1 as a web
> server and WAS 6.0.2.5 as the app server. The user is authenticated
> in IIS using Client PKI certificate. The code on the app server then
> tries to read the certificate using the $WSCC header in the request.
> When we try to cast the $WSCC header using the X509Certificate class
> we get the following error:
>
> [1/25/06 17:22:40:119 EST] 0000002b SystemOut O ERROR
> [WebContainer : 2] (UserAccessFilter.java:147) - Certificate
> exception javax.security.cert.CertificateException:
> InvocationTargetException: javax.security.cert.CertificateException:
> java.io.IOException: java.io.IOException: DerValue.getIA5String, not
> IA5 30
>
> We are trying to read the certificate to extract the e-mail address
> which will be used to query Active Directory to obtain additional
> information about the user.
>
> Any suggestions or pointers are greatly appreciated.
Are you using WebSphere security? If not, I strongly recommend that you
do, and that you configure certificate authentication at WAS, not at the
Web Server. You will then be able to use standard J2EE calls to get user
information - take a look at the section headed "Who Called Me" in the
following presentation:
ftp://ftp.software.ibm.com/software...ancedTopics.pdf
(This is a 5.1 presentation, but still mostly valid for 6.0)
I think you would need to get the WSCredential as per the presentation,
and then get the Security Name from the credential, and that should be
the DN of your Active Directory.
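
Added example, not code from either poster or from IBM: one way to get the e-mail address out of a client certificate with the standard `java.security.cert` API and to escape it before it goes into a directory search filter. The class and method names, the `mail` attribute and the `objectClass=user` clause are assumptions, and the code assumes a current JDK rather than the one shipped with WAS 6.0.

```java
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;

// Hypothetical helper. In a servlet container that performs the client-certificate
// handshake itself, the chain is the request attribute
// "javax.servlet.request.X509Certificate" (an X509Certificate[]).
public final class CertEmail {
    private static final int RFC822_NAME = 1; // GeneralName tag for an e-mail address

    // Returns the first rfc822Name in the subjectAltName extension, or null if none.
    public static String emailFromSan(X509Certificate cert)
            throws CertificateParsingException {
        Collection<List<?>> names = cert.getSubjectAlternativeNames();
        if (names == null) return null; // extension not present
        for (List<?> entry : names) {
            if (((Integer) entry.get(0)).intValue() == RFC822_NAME) {
                return (String) entry.get(1);
            }
        }
        return null;
    }

    // Escapes a value for use inside an LDAP search filter (RFC 4515), so that
    // characters from the certificate cannot change the filter's structure.
    public static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': out.append("\\5c"); break;
                case '*':  out.append("\\2a"); break;
                case '(':  out.append("\\28"); break;
                case ')':  out.append("\\29"); break;
                case '\0': out.append("\\00"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Assumed attribute and object class; adjust to the directory schema in use.
    public static String mailFilter(String email) {
        return "(&(objectClass=user)(mail=" + escapeFilterValue(email) + "))";
    }

    public static void main(String[] args) {
        // Constructed inputs, not taken from a real certificate.
        System.out.println(mailFilter("jdoe@example.com"));
        System.out.println(mailFilter("a*b(c)@example.com"));
    }
}
```

The value is only as trustworthy as the certificate validation in front of it, so the lookup should run only after the chain has been verified by the component that terminated the TLS handshake.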