Improve certificate auth

diff --git a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
index 16cc7ac19548141679bc25d9c5c4c8673bc5475f..83accceb4d6f1047a6a4eb9ba11b120a2f40db13 100644 (file)
--- a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
@@ -14,6 +14,7 @@ import java.util.Locale;
 import java.util.Map;
 import java.util.Set;
 
+import javax.naming.InvalidNameException;
 import javax.naming.ldap.LdapName;
 import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
@@ -94,8 +95,15 @@ public class UserAdminLoginModule implements LoginModule {
                        // // TODO locale?
                } else if (sharedState.containsKey(CmsAuthUtils.SHARED_STATE_NAME)
                                && sharedState.containsKey(CmsAuthUtils.SHARED_STATE_CERTIFICATE_CHAIN)) {
-                       // NB: required by Basic http auth
-                       username = (String) sharedState.get(CmsAuthUtils.SHARED_STATE_NAME);
+                       String certificateName = (String) sharedState.get(CmsAuthUtils.SHARED_STATE_NAME);
+                       LdapName ldapName;
+                       try {
+                               ldapName = new LdapName(certificateName);
+                       } catch (InvalidNameException e) {
+                               e.printStackTrace();
+                               return false;
+                       }
+                       username = ldapName.getRdn(ldapName.size()-1).getValue().toString();
                        certificateChain = (X509Certificate[]) sharedState.get(CmsAuthUtils.SHARED_STATE_CERTIFICATE_CHAIN);
                        password = null;
                } else if (singleUser) {