Previous Topic: X.509 Client Certificate or HTML Forms Scheme PrerequisitesNext Topic: Anonymous Authentication Schemes


Agent API Support

In the Agent API, the value Sm_AuthApi_Cred_CertOrForm has been added to the enumerated type Sm_Api_Credentials_t. Sm_Api_Credentials_t specifies the credentials, if any, that are required for a user to access the realm referenced by the structure Sm_AgentApi_Realm_t. The enumerated type applies to the nRealmCredentials field of the structure.

The new value specifies that user authentication requires either an X.509 certificate or a forms-based authentication scheme.

Configure an X.509 Certificate or HTML Forms Authentication Scheme

You can use an X.509 Certificate or HTML Forms authentication scheme to implement certificate authentication or HTML forms-based authentication.or both.

Note: The following procedure assumes that you are creating an object. You can also copy the properties of an existing object to create an object. For more information, see Duplicate Policy Server Objects.

Follow these steps:

  1. Click Infrastructure, Authentication.
  2. Click Authentication Schemes.

    The Authentication Schemes page appears.

  3. Click Create Authentication Scheme.

    Verify that the Create a new object of type Authentication Scheme is selected.

  4. Click OK

    The Create Authentication Scheme page appears.

    Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.

  5. Enter a name and a protection level.
  6. Select X509 Client Cert or Form Template from the Authentication Scheme Type list.

    Scheme-specific settings open.

  7. Enter server and target information.
  8. (Optional) Select Persist Authentication Scheme Data in Scheme Setup. This option specifies that authentication context data is saved in the session store.
  9. Click Submit.

    The authentication scheme is saved and can be assigned to a realm.

Note: For Apache Web servers where Certificates are required or optional, uncomment the SSL Verify Depth 10 line in the httpd.conf file.