Policy Server Guides › Policy Server Configuration Guide › Authentication Schemes › X.509 Client Certificate and HTML Forms Authentication Schemes

X.509 Client Certificate and HTML Forms Authentication Schemes

The X.509 Client Certificate and HTML Forms authentication scheme combines HTML Forms authentication and X.509 Client Certificate authentication. This authentication scheme provides an extra layer of security for critical resources. In order for a user to authenticate successfully, the following two events must occur:

• The user's X.509 client certificate must be verified.

  AND

• The user must provide the credentials requested by an HTML form.

For X.509 Client Certificate authentication, SiteMinder processes authentication using the following steps:

1. The Policy Server instructs the SiteMinder Web Agent to redirect the user to an FCC on an SSL-enabled web server.
2. The Web Agent presents the form.
3. The FCC passes the certificate and form back to the Policy Server.
4. The Policy Server verifies that the user in the certificate mapping exists.
5. The Policy Server verifies the user's HTML form credentials.
6. SiteMinder verifies that the certificate credentials and the HTML Forms credentials represent the same user.