For our next software release we want to implement a certificate based authentication. To do this we've set up the Tomcat SSL connector to require a client certificate. Basically this works fine but if the client holds multiple certificates for authentication, I get a popup (from Browser or Web Start). Unfortunately, after I've selected a certificate I get the same dialog a second time so that I have to select the certificate twice.
The prolem is, that there are called two URLs on startup: first the jnlp and then the jsp (by your PageApplet class, when loading the enterprise client applet).
Do you have any idea how to avoid this second certificate dialog?
I assume that the second one is a different context/session and therefore the second certificate request comes up.
hmm... for reproducing we need some support with setting this up (or: do you have a link where we can reproduce? If so: plese send us by mail...).
In general:
The Enterprise Client does not take over the browser's session (multiple browsers share the same session + all these problems...) but by default creates an own http session per client instance.
There is a client parameter that you may append to your .ccwbstart or .ccapplet URL: ccsamesession=true
I've tried the ccsamesession=true parameter, but this has no effect.
I did some search in google again, and it seems that this is a general problem when loading an applet. Currently I'm looking for a workarround - do you think that it would be possible to do the initial call via http and then load the applet via https? So we would avoid the first popup and only have to do the certificate selection in the popup of the applet.