Map from Issuer DN in Certificate to Directory Type Group Box
Issuer DN

Distinguished Name (DN) of the certificate's issuer.

Note: Issuer DNs cannot exceed 255 characters if a relational database is used as a policy store; Issuer DNs cannot exceed 1000 characters if an LDAP directory server is used as a policy store.

For the certificate mapping to work, the value of the Issuer DN field must be identical to the certificate’s issuer DN, including all characters, spaces, and punctuation. The Policy Server compares the Issuer DN from the user’s certificate with each Issuer DN specified for the certificate mapping.

Note: The issuer DN will differ according to the Web Server vendor. For example, the issuer DN for a certificate on an IIS Web server is different from the issuer DN for the same certificate on an Apache Web server.

The following is an example of an issuerDN:

IssuerDN=CN=VeriSign Class 1 CA Individual Subscriber-Persona Not Validated, OU="www.verisign.com/repository/RPA Incorp. By Ref.,LIAB.LTD(c)98", OU=VeriSign Trust Network, O="VeriSign, Inc."

For information on finding the Issuer DN, contact your Certificate Authority (CA).
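The following pre-flight check is an added example, not part of the product or its documentation. It treats "identical" as exact string equality (an assumption based on the description above), applies the two length limits stated in the note, and points at the first differing character; the function name, the policy store keys, and the sample DNs are hypothetical.

```python
# Added example: pre-flight check for an Issuer DN mapping value.
# Limits are the ones stated on this page; names below are hypothetical.
MAX_LEN = {"rdb": 255, "ldap": 1000}  # policy store type -> max Issuer DN length


def check_issuer_dn(configured, presented, policy_store):
    """Return a list of problems; an empty list means the value is usable."""
    problems = []
    limit = MAX_LEN[policy_store]
    if len(configured) > limit:
        problems.append(
            f"length {len(configured)} exceeds {limit} for {policy_store} policy store")
    if configured == presented:
        return problems
    # Locate the first differing position so the operator can see what to fix.
    pos = next((i for i, (a, b) in enumerate(zip(configured, presented)) if a != b),
               min(len(configured), len(presented)))
    problems.append(
        f"mismatch at index {pos}: configured {configured[pos:pos + 12]!r} "
        f"vs presented {presented[pos:pos + 12]!r}")
    # Near misses still fail the comparison; name them because they are easy to miss.
    def squash(s):
        return "".join(s.split())
    if squash(configured) == squash(presented):
        problems.append("values differ only in whitespace")
    elif squash(configured).lower() == squash(presented).lower():
        problems.append("values differ only in letter case and/or whitespace")
    return problems


# Constructed sample values (not taken from a real certificate).
PRESENTED = 'CN=Example Issuing CA, OU=Example Trust Network, O="Example, Inc."'
CONFIGURED_BAD = 'CN=Example Issuing CA,OU=Example Trust Network,O="Example, Inc."'

if __name__ == "__main__":
    for problem in check_issuer_dn(CONFIGURED_BAD, PRESENTED, "rdb") or ["OK"]:
        print(problem)
```

Run it with the issuer DN string exactly as your Web server presents it, since the format differs between Web server vendors.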

Directory Type

Type of directory to which the certificate will be mapped.

The directory that you select indicates the type of directory that will be used to authenticate users. Valid directory types include LDAP/AD, WinNT, and ODBC.

A user directory connection must be configured for the authentication directory using the SiteMinder User Directory dialog.

Certificate Required in Directory check box

Select this check box for SiteMinder to verify that the certificate presented by the user matches the certificate stored in the user’s entry in the authentication directory.

You may only select this check box if the authentication directory is an LDAP user directory.

More information:

User Directories