|
|
|
The Scheme Setup tab for X.509 client certificate authentication is where you enter server and target information for your certificate authentication scheme.
Fully qualified domain name of the SSL server.
Note: IP addresses are not supported.
This is the server that is responsible for establishing an SSL connection. Although it is possible, this is usually not the same server where the Web Agent is installed.
The server acts as the beginning of the URL that SiteMinder uses to redirect a user’s X.509 certificate over an SSL connection. Domain names must contain at least 2 periods and be specified using the following format:
servername.host.com:[port]
Example: server1.security.com. The port is only required for communication over a non-default port.
Path and name for the SSL Credentials Collector (SCC).
The target tells the SiteMinder Web Agent what to use to invoke the SCC. It completes the URL that SiteMinder uses to redirect the user’s credentials over an SSL connection. The target can be customized in circumstances where proxy servers require specific URLs in order to support Basic over SSL authentication.
The Policy Server User Interface provides a default path when you select the X.509 Client Certificate authentication scheme.
Note: When this authentication scheme is associated with a realm, users who attempt to access a resource in the protected realm must have a valid X.509 client certificate that can be verified by SiteMinder using a server certificate. In addition, the user must supply a user name and password that can be located and verified in a user directory associated with the realm’s policy domain.
| Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |