X.509 client certificates provide strong user authentication. However, for SiteMinder to use a certificate to identify a user, the certificate must be compared to that user's information in a directory. SiteMinder uses a certificate mapping to determine how to compare a user's certificate with the information stored in the user directory.
SiteMinder supports certificate mapping for users whose authentication information is stored in a WinNT, Microsoft SQL Server, Oracle, or LDAP user directory. A certificate mapping defines how data in the certificate is mapped to form a user Distinguished Name (DN). The Policy Server uses this user DN to authenticate the user.
If certificates are stored in an LDAP directory, a certificate mapping can direct the Policy Server to verify that the certificate presented by the user matches the certificate associated with the user DN in the LDAP directory.
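The mapping and the optional stored-certificate comparison described above, sketched as an added example that is not SiteMinder code. The `%{ATTR}` template syntax, the function names, and the directory contents are assumptions made for illustration, and the subject parsing is simplified (no multi-valued RDNs).

```python
import hmac
import re

# Constructed sample data: a hypothetical mapping template and an in-memory "directory".
TEMPLATE = "uid=%{CN},ou=People,dc=example,dc=com"
DIRECTORY = {"uid=jsmith,ou=people,dc=example,dc=com": b"constructed-DER-for-jsmith"}

def parse_subject(subject):
    """Split a subject DN string into {ATTR: [values]}, honouring escaped commas."""
    attrs = {}
    for rdn in re.split(r'(?<!\\),', subject):
        key, sep, value = rdn.strip().partition("=")
        if not sep or not key.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        # Values stay DN-escaped so a comma inside CN cannot add extra RDNs.
        attrs.setdefault(key.strip().upper(), []).append(value.strip())
    return attrs

def map_to_user_dn(subject, template):
    """Fill the template from certificate attributes; reject missing or ambiguous ones."""
    attrs = parse_subject(subject)
    def fill(match):
        values = attrs.get(match.group(1).upper(), [])
        if len(values) != 1:
            raise ValueError(f"need exactly one {match.group(1)}, got {values}")
        return values[0]
    return re.sub(r'%\{(\w+)\}', fill, template)

def authenticate(subject, presented_der, template, directory, verify_stored_cert=True):
    """Return the mapped user DN, or None if mapping or verification fails."""
    try:
        user_dn = map_to_user_dn(subject, template)
    except ValueError:
        return None
    key = user_dn.lower()  # simplified case-insensitive DN comparison
    if key not in directory:
        return None
    # Optional step: the presented certificate must equal the one stored for this DN.
    if verify_stored_cert and not hmac.compare_digest(directory[key], presented_der):
        return None
    return user_dn
```

Without the stored-certificate comparison, any trusted certificate whose subject maps to the same user DN is accepted, which is the gap the LDAP verification option closes.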
Copyright © 2010 CA. All rights reserved.