The X.509 Client Certificate and Basic authentication scheme combines Basic authentication and X.509 Client Certificate authentication. This authentication scheme provides an extra layer of security for critical resources.
For a user to authenticate successfully, the following two events must occur:
AND
For X.509 Client Certificate authentication, the Policy Server instructs the Web Agent to redirect the user to an SSL server and map the user’s certificate to the server. The Policy Server then verifies that the user exists, verifies the user’s basic credentials, and confirms that certificate credentials and the basic credentials represent the same user.
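The final check described above, that the certificate credentials and the basic credentials represent the same user, sketched as an added Python example (not CA's code and not how the Policy Server is implemented). The CN-to-username mapping, the in-memory directory and all function names are assumptions for illustration; the subject DN is assumed to come from a certificate the SSL server has already validated.

```python
import base64
import hashlib
import hmac

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed user directory (assumption): username -> (salt, password hash).
_SALT = b"constructed-salt"
DIRECTORY = {
    "jsmith": (_SALT, _hash("correct horse", _SALT)),
    "adoe": (_SALT, _hash("tr0ub4dor", _SALT)),
}

def parse_basic(header: str) -> tuple[str, str]:
    """Decode an 'Authorization: Basic ...' value into (username, password)."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic authorization header")
    decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    user, sep, password = decoded.partition(":")  # password may contain ':'
    if not sep:
        raise ValueError("malformed Basic credentials")
    return user, password

def cert_user(subject_dn: str) -> str:
    """Map a certificate subject DN to a directory user via its CN.
    Simplified mapping (assumption): no escaped commas in the DN."""
    for rdn in subject_dn.split(","):
        attr, _, value = rdn.strip().partition("=")
        if attr.upper() == "CN" and value:
            return value.strip().lower()
    raise ValueError("certificate subject has no CN")

def authenticate(subject_dn: str, auth_header: str) -> bool:
    """True only if both credentials are valid and name the same user."""
    try:
        mapped = cert_user(subject_dn)
        user, password = parse_basic(auth_header)
    except ValueError:  # also covers bad base64 and bad UTF-8
        return False
    record = DIRECTORY.get(mapped)
    if record is None:  # the certificate maps to no known user
        return False
    salt, stored = record
    password_ok = hmac.compare_digest(_hash(password, salt), stored)
    same_user = hmac.compare_digest(user.lower().encode(), mapped.encode())
    return password_ok and same_user
```

The password is checked against the user the certificate maps to, so a valid certificate for one user cannot be paired with another user's name in the Basic header.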
Verify that the following prerequisites are met before configuring an X.509 Client Certificate and Basic authentication scheme:
Note: If the Policy Server is operating in FIPS mode, ensure that the certificate was generated using only FIPS-approved algorithms.
Note: For Apache Web servers where certificates are required or optional, the SSLVerifyDepth 10 line in the httpd.conf file must be uncommented.
Use an X.509 Certificate and Basic authentication scheme to combine certificate authentication and basic authentication.
Note: The following procedure assumes that you are creating an object. You can also copy the properties of an existing object to create an object. For more information, see Duplicate Policy Server Objects.
Follow these steps:
Verify that Create a new object of type Authentication Scheme is selected.
Click OK.
The authentication scheme is saved and can be assigned to a realm.
Copyright © 2014 CA.
All rights reserved.