The X.509 Client Certificate and HTML Forms authentication scheme combines HTML Forms authentication with X.509 Client Certificate authentication. It provides an extra layer of security for critical resources, because a user authenticates successfully only if both of the following events occur:
The user presents an X.509 client certificate that the Policy Server accepts
AND
The user submits credentials through the HTML form that the Policy Server accepts
For X.509 Client Certificate authentication, CA SiteMinder® processes authentication using the following steps:
Ensure the following prerequisites are met before configuring an X.509 Client Certificate and HTML Forms authentication scheme:
Note: If the Policy Server is operating in FIPS mode, ensure that the certificate was generated using only FIPS-approved algorithms.
Note: For Apache web servers where client certificates are required or optional (SSLVerifyClient require or SSLVerifyClient optional), the SSLVerifyDepth 10 line in the httpd.conf file must be uncommented. SSLVerifyDepth sets how many CA certificates mod_ssl follows above the client certificate while building the chain to a trusted CA; if the line stays commented out, the mod_ssl default depth of 1 rejects client certificates issued by an intermediate CA even though the root is trusted.
The certificate and forms data are collected and passed to the Policy Server together.
| If... | then... |
|---|---|
| There is no certificate | CA SiteMinder® issues error 500 |
| The certificate and forms credentials are not accepted | CA SiteMinder® issues error 500 |
The X.509 Client Certificate and HTML Forms scheme sets both the Sm_AuthApi_Cred_SSLRequired and the Sm_AuthApi_Cred_FormRequired credential-requirement bits, so a request that satisfies only one of the two requirements is rejected.
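The decision the table above describes, as an added example that is not CA SiteMinder or Apache code: a Python model in which both requirement bits are evaluated together, the client certificate chain is walked with a depth limit that plays the role of Apache's SSLVerifyDepth, and every failure returns the same 500 to the client while the reason is kept for the server log. The bit values, the Cert record, the trusted-root set, the user store and the form field names USER and PASSWORD are assumptions constructed for this example.

```python
"""Model of the combined X.509 Client Certificate AND HTML Forms decision.

Added illustration only, not CA SiteMinder or Apache code: a certificate is
reduced to a (subject, issuer) record and the form to a username/password
pair, so the whole flow runs offline on constructed data.
"""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Optional

# Requirement bits modelled on Sm_AuthApi_Cred_SSLRequired and
# Sm_AuthApi_Cred_FormRequired. The numeric values are assumptions.
CRED_SSL_REQUIRED = 0x1
CRED_FORM_REQUIRED = 0x2
SCHEME_REQUIREMENTS = CRED_SSL_REQUIRED | CRED_FORM_REQUIRED


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str


# Constructed sample PKI: one trusted root and one intermediate CA.
TRUSTED_ROOTS = {"CN=Example Root CA"}
KNOWN_CA_CERTS = {
    "CN=Example Intermediate CA": Cert("CN=Example Intermediate CA", "CN=Example Root CA"),
    "CN=Example Root CA": Cert("CN=Example Root CA", "CN=Example Root CA"),
}

# Constructed form-side user store (salted PBKDF2 hashes, not plaintext).
_SALT = b"constructed-salt"
_ITERATIONS = 50_000
USERS = {"alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, _ITERATIONS)}


def chain_ok(leaf: Cert, verify_depth: int) -> bool:
    """Walk issuer links from the client certificate to a trusted root.

    verify_depth plays the role of Apache's SSLVerifyDepth: the number of CA
    certificates allowed above the leaf. Depth 1 accepts only certificates
    issued directly by a trusted root; a leaf issued by an intermediate needs 2.
    """
    current = leaf
    depth = 0
    while current.subject != current.issuer:
        depth += 1
        if depth > verify_depth:
            return False  # chain longer than the configured depth
        issuer = KNOWN_CA_CERTS.get(current.issuer)
        if issuer is None:
            return False  # issuer unknown, the chain cannot be completed
        if issuer.subject in TRUSTED_ROOTS:
            return True
        current = issuer
    # Loop exits only on a self-signed certificate, acceptable only if it is
    # itself one of the trusted roots.
    return current.subject in TRUSTED_ROOTS


def form_ok(username: str, password: str) -> bool:
    """Check the form credentials. The hash is always computed and compared in
    constant time so timing does not reveal whether the username exists."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, _ITERATIONS)
    stored = USERS.get(username, b"\x00" * len(candidate))
    return username in USERS and hmac.compare_digest(stored, candidate)


@dataclass
class Request:
    client_cert: Optional[Cert] = None
    form: dict = field(default_factory=dict)  # assumed field names: USER, PASSWORD


def authenticate(req: Request, requirements: int = SCHEME_REQUIREMENTS,
                 verify_depth: int = 10) -> tuple:
    """Return (status, log_reason). Every failure maps to the same 500 for the
    client, as in the table; the reason is meant for the server log only."""
    failures = []
    if requirements & CRED_SSL_REQUIRED:
        if req.client_cert is None:
            failures.append("no client certificate")
        elif not chain_ok(req.client_cert, verify_depth):
            failures.append("client certificate chain not accepted")
    if requirements & CRED_FORM_REQUIRED:
        if not form_ok(req.form.get("USER", ""), req.form.get("PASSWORD", "")):
            failures.append("form credentials not accepted")
    if failures:
        return 500, "; ".join(failures)
    return 200, "ok"


if __name__ == "__main__":
    alice_cert = Cert("CN=alice", "CN=Example Intermediate CA")
    good = Request(alice_cert, {"USER": "alice", "PASSWORD": "correct horse"})
    print(authenticate(good))                      # (200, 'ok')
    print(authenticate(good, verify_depth=1))      # (500, 'client certificate chain not accepted')
    print(authenticate(Request(None, good.form)))  # (500, 'no client certificate')
```

Both checks run even when the first one fails, so the server log records every failing factor while the client still sees only the single status the scheme defines. Lowering verify_depth to 1 on a certificate issued through an intermediate reproduces the failure the Apache note warns about.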
You can use an X.509 Client Certificate and HTML Forms authentication scheme to combine certificate authentication and HTML forms-based authentication.
Note: The following procedure assumes that you are creating an object. You can also copy the properties of an existing object to create an object. For more information, see Duplicate Policy Server Objects.
Follow these steps:
The Authentication Schemes page appears.
Verify that Create a new object of type Authentication Scheme is selected.
The Create Authentication Scheme page appears.
Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.
Scheme-specific settings open.
The authentication scheme is saved and can be assigned to a realm.
Copyright © 2013 CA.
All rights reserved.