For IIS 7.x (Windows only) and Apache-based web servers, you can link a client certificate with a CA SiteMinder® session. This feature verifies that the following identities match:
If these items do not match, the product blocks transactions.
To use this feature, do the following tasks:
Use an X.509 Certificate authentication scheme (other authentication schemes are not supported).
The following graphic describes how to link a client certificate with a session:
Follow these steps:
Adding the plug-in is the first step of linking the client certificate with the session.
Follow these steps:
WebAgent.conf
LoadPlugin="web_agent_home\bin\HttpPlugin.dll"
LoadPlugin="web_agent_home\bin\CertSessionLinkerPlugin.dll"
Note: The CertSessionLinkerPlugin must follow the HttpPlugin.
The plug-in is added. Continue by adding your configuration parameters.
Set the agent configuration parameters after adding the plug-in.
Follow these steps:
Lists the attributes of the certificate by which it is uniquely identified. The following certificate attributes are available:
Note: The sequence of the values in in this parameter does not matter.
Default: Disabled (only the serialnumber and the issuerdn attributes are matched).
Specifies the maximum number of entries that the agent cache contains.
Note: For any Apache-based servers operating on UNIX, we recommend setting the value of the singleprocessmode parameter to no. This setting creates a multi‑process cache which shares information across multiple requests. This setting improves performance when the Apache-based server runs in pre‑fork mode.
Default: 1000
Certificates are linked with sessions.
Copyright © 2014 CA.
All rights reserved.
|
|