

Configure an X.509 Certificate Authentication Scheme

Certificate authentication requires a working SSL environment as well as SiteMinder-specific configuration. Complete the following process to configure certificate authentication:

  1. Set up your environment to handle SSL communication. The client browser, the web server and any user certificates must be configured to accept and perform certificate authentication.
  2. Ensure that the SiteMinder Web Agent was configured to handle SSL authentication when it was installed.
  3. Configure a SiteMinder X.509 authentication scheme in the Administrative UI.
  4. Define certificate mappings to identify a user in a directory based on the information in the client certificate.
  5. (Optional) Configure certificate validation using CRLs or OCSP.

Note: The following procedure assumes that you are creating an object. You can also copy the properties of an existing object to create an object. For more information, see Duplicate Policy Server Objects.

To configure the authentication scheme

  1. Click Infrastructure, Authentication.
  2. Click Authentication Scheme, Create Authentication Scheme.

    The Create Authentication Scheme pane opens.

  3. Click OK.

    Authentication scheme settings open.

    Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.

  4. Select the X.509 Client Cert Template from the Authentication Type Style list.

    Scheme-specific settings open.

  5. Enter a name and a protection level in the General group box.
  6. Enter the server name and target information for the SSL Credentials Collector in the Scheme Setup group box.
  7. Click Submit.

    The authentication scheme is saved and can be assigned to a realm.

The X.509 certificate authentication scheme is now configured in the Administrative UI. Now set up certificate mapping.