Policy Server Guides › Policy Server Configuration Guide › Authentication Schemes › X.509 Client Certificate and Basic Authentication Schemes

X.509 Client Certificate and Basic Authentication Schemes

The X.509 Client Certificate and Basic authentication scheme combines Basic authentication and X.509 Client Certificate authentication. This authentication scheme provides an extra layer of security for critical resources.

In order for a user to authenticate successfully, the following two events must occur:

• The user's X.509 client certificate must be verified.

  AND

• The user must provide a valid user name and password.

For X.509 Client Certificate authentication, SiteMinder processes authentication using the following steps:

1. The Policy Server instructs the SiteMinder Web Agent to redirect the user to an SSL server and map the user's certificate to the server.
2. SiteMinder verifies the user exists.
3. SiteMinder verifies the user's basic credentials.
4. SiteMinder verifies that the certificate credentials and the basic credentials represent the same user.