If I had to outline the steps for JBoss/Tomcat:
- SSL enable your port with client authentication turned on in server.xml
- Alternatively, configure your web.xml with a <login-config> element and <auth-method>CLIENT-CERT</auth-method>
- Create a JBoss callback handler class that implements org.jboss.security.CertificatePrincipal
- Declare your callback handler class in the "certificatePrincipal" attribute of the "Realm" element in server.xml
You'll notice that CertificatePrincipal will pass in the certificate chain in an array X509Certificate[].
- call getSubjectDN() on the relevant X509Certificate
- use the String API to capture the CN
Cheers
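
The CN extraction step above, as an added example that is not part of the original post: it parses the subject DN as RFC 2253 with the JDK's `LdapName` rather than splitting the string, so escaped commas and repeated CN attributes are handled. The class name `SubjectCn`, the sample DNs, and the choice of element 0 as the client certificate are assumptions; it uses `getSubjectX500Principal()`, the JDK accessor that returns the subject as an `X500Principal`.

```java
import java.security.cert.X509Certificate;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

public class SubjectCn {

    // Assumption: element 0 of the chain is the client (leaf) certificate.
    static String fromChain(X509Certificate[] chain) {
        if (chain == null || chain.length == 0) {
            throw new IllegalArgumentException("no client certificate presented");
        }
        return fromSubject(chain[0].getSubjectX500Principal());
    }

    // Parse the DN as RFC 2253 instead of splitting the string on ',' or '='.
    static String fromSubject(X500Principal subject) {
        String cn = null;
        try {
            LdapName dn = new LdapName(subject.getName(X500Principal.RFC2253));
            for (Rdn rdn : dn.getRdns()) {
                Attribute attr = rdn.toAttributes().get("CN"); // also covers multi-valued RDNs
                if (attr == null) continue;
                // Fail closed on an ambiguous subject rather than picking one value.
                if (cn != null || attr.size() != 1 || !(attr.get(0) instanceof String)) {
                    throw new IllegalArgumentException("ambiguous or non-string CN");
                }
                cn = (String) attr.get(0);
            }
        } catch (NamingException e) {
            throw new IllegalArgumentException("unparseable subject DN", e);
        }
        if (cn == null || cn.isEmpty()) {
            throw new IllegalArgumentException("subject has no CN");
        }
        return cn;
    }

    public static void main(String[] args) {
        // Constructed sample subjects; the first has an escaped comma inside the CN.
        String[] samples = { "CN=Smith\\, John,OU=Eng,O=Example,C=US", "CN=alice,O=Example" };
        for (String s : samples) {
            System.out.println(fromSubject(new X500Principal(s)));
        }
    }
}
```

Inside the callback handler, `fromChain` would be called on the `X509Certificate[]` that is passed in, and any exception it throws should be treated as an authentication failure.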