|
|
|
The Scheme Setup tab for X.509 Client Certificate or Basic authentication is where you enter server and target information for your certificate authentication scheme.
Fully qualified domain name of the SSL server.
Note: IP addresses are not supported.
This is the server that is responsible for establishing an SSL connection. Although it is possible, this is usually not the same server where the Web Agent is installed.
The server acts as the beginning of the URL that SiteMinder uses to redirect a user’s X.509 certificate over an SSL connection. Domain names must contain at least 2 periods and be specified using the following format:
servername.host.com:[port]
Example: server1.security.com. The port is only required for communication over a non-default port.
Path and name for the SSL Credentials Collector (SCC).
The target tells the SiteMinder Web Agent what to use to invoke the SCC. It completes the URL that SiteMinder uses to redirect the user’s credentials over an SSL connection and process certificate authentication. The target can be customized in circumstances where proxy servers require specific URLs in order to support Basic over SSL authentication.
SiteMinder provides a default path when you select the X.509 Client Certificate authentication scheme.
Select this check box if basic user name/password credentials should be delivered over an SSL connection.
Fully qualified name of the SSL server. Enter a value in this field if the Basic Credentials Over SSL check box is selected.
This server is responsible for establishing an SSL connection for basic authentication. Although it is possible, this server is usually not the same server where the Web Agent is installed.
The server acts as the beginning of the URL that SiteMinder uses to redirect a user’s credentials over an SSL connection. The syntax for the server differs slightly based on the type of Web server on which the Web Agent is installed. The following definitions describe the proper syntax for the Server field based on the Web server type:
IIS or Oracle iPlanet web servers— servername.domain:port
Apache—servername.domain:port
Domain names must contain at least 2 periods. For example:
.security.com
Path and name for the SSL Credentials Collector (SCC).
The target tells the SiteMinder Web Agent what to use to invoke the SCC. It completes the URL that SiteMinder uses to redirect the user’s credentials over an SSL connection for basic authentication. The target can be customized in circumstances where proxy servers require specific URLs in order to support Basic over SSL authentication.
SiteMinder provides a default path when you select the X.509 Client Certificate authentication scheme.
Note: When this authentication scheme is associated with a realm, users who attempt to access a resource in the protected realm may be authenticated with a valid X.509 client certificate or by a user name and password that can be located and verified in a user directory associated with the realm’s policy domain.
| Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |