Previous Topic: Certificate Mapping

Next Topic: Test a Certificate Mapping

Configure a Certificate Mapping

You can configure a certificate mapping that lets SiteMinder determine how to compare a user's certificate with the information stored in the user directory.

To configure an Impersonation authentication scheme

  1. Click Infrastructure, Directory.
  2. Click Certification Mapping, Create Certificate Mapping.

    The Create Certificate Mapping pane opens.

    Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.

  3. Type the certificate issuer DN in the Issuer DN field.

    Note: You must escape reserved special characters with a backslash (\). More information on reserved special characters for LDAP distinguished names exists at http://www.faqs.org/rfcs/rfc2253.html. Special characters include:

    Note: Issuer DNs cannot exceed 255 characters if a relational database is used as a policy store; Issuer DNs cannot exceed 1000 characters if an LDAP directory server is used as a policy store.

  4. Specify how the X.509 client certificate is to map user authentication information in the authentication directory on the Mapping group box.
  5. (Optional) Select Perform CRL Checks on the Certificate Revocation List (CRL) Checking group box, and specify the CRL settings on the group box.
  6. Click Submit.

    The Create Certificate Mapping task is submitted for processing.


Copyright © 2010 CA. All rights reserved. Email CA about this topic