0 Replies Latest reply on Mar 22, 2011 4:09 PM by 849422

    Implementing client-cert auth in web.xml in Oracle Application Server


      I am new to implementing security features on the web applications.. I have developed a new web service using jdev1012 and deployed in OAS 10.1.2. Its working fine according to the business requirements, but I am in need of implementing client-cert authentication to enable the web service available to only those who have client certificate.

      My server details are:

      Oracle Application Server 10g Release 2 (10.1.2)
      Server certificate is in place and SSL mode have been already enabled.. able to access my web service through https://<mydomain.com>/myws/TreqWS as well able to see the WSDL file through https://<mydomain.com>/myws/TreqWS?WSDL.

      I tried to include the following in my web.xml file as part of implementing CLIENT-CERT authentication.
      <realm-name>WSCollection</realm-name> <!-- am not sure about this realm-name and its purpose -->

      It is not woking as expected, though I have restarted my oc4j container after including this content to the web.xml file. i.e, I am able to invoke the web service though my sample java client program, though I donot have client certificate/keystore.

      I believe I am missing something..Can anyone help me in this regard to implement CLIENT-CERT authentication successfully?