SiteMinder requires certificate mappings for X.509 Client Certificate authentication schemes. Without a certificate mapping, SiteMinder cannot establish trust between a client certificate and the certificate authority that issued the certificate. Without that established trust, X.509 client certificates cannot be used to verify a user’s identity.
X.509 client certificates contain the DN of the issuing Certificate Authority (CA), the Subject DN of the client certificate, the ID of the algorithm used for the certificate, and extensions. A certificate mapping in the Policy Server User Interface describes how a user’s subject DN can be mapped to a user DN in an authentication directory.
The user DN is a unique way of identifying a particular user. If you want to use an X.509 Client Certificate authentication scheme to provide security for a realm, you must create a certificate mapping in order for the authentication scheme to function.
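The following sketch is an added illustration, not SiteMinder code or its mapping syntax: it shows the general idea of selecting a mapping by issuer DN and turning one subject DN attribute into a directory lookup. The mapping table, the DNs, the `uid` attribute and the use of an LDAP search filter are all assumptions made for the example; multi-valued RDNs are out of scope.

```python
import re

# Constructed mapping table (hypothetical): normalized issuer DN ->
# (attribute read from the subject DN, directory attribute to search on).
MAPPINGS = {"cn=example issuing ca,o=example corp,c=us": ("CN", "uid")}

# RFC 4515 characters that must be escaped inside an LDAP search filter value.
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def split_rdns(dn):
    """Split a DN string on commas that are not backslash-escaped."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped or ch != ",":
            cur.append(ch)
            escaped = (ch == "\\") and not escaped
        else:
            parts.append("".join(cur))
            cur = []
    parts.append("".join(cur))
    return [p.strip() for p in parts if p.strip()]

def parse(dn):
    """Return [(attribute, unescaped value), ...] for single-valued RDNs."""
    pairs = []
    for rdn in split_rdns(dn):
        key, _, raw = rdn.partition("=")
        value = re.sub(r"\\([0-9A-Fa-f]{2}|.)",
                       lambda m: chr(int(m.group(1), 16)) if len(m.group(1)) == 2 else m.group(1),
                       raw.strip())
        pairs.append((key.strip(), value))
    return pairs

def normalize(dn):
    """Case-fold and strip spacing so issuer DNs compare consistently."""
    return ",".join("%s=%s" % (k.lower(), v.lower()) for k, v in parse(dn))

def map_certificate(issuer_dn, subject_dn):
    """Return the directory search filter for a certificate, or raise LookupError."""
    rule = MAPPINGS.get(normalize(issuer_dn))
    if rule is None:                      # unknown CA: no trust, fail closed
        raise LookupError("no certificate mapping for issuer")
    cert_attr, dir_attr = rule
    values = [v for k, v in parse(subject_dn) if k.upper() == cert_attr]
    if len(values) != 1:                  # missing or ambiguous attribute
        raise LookupError("subject DN must carry exactly one " + cert_attr)
    escaped = "".join(FILTER_ESCAPES.get(c, c) for c in values[0])
    return "(%s=%s)" % (dir_attr, escaped)
```

The filter escaping matters because the subject DN is supplied by the certificate holder: a value containing `*` or parentheses must not change the meaning of the directory search.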
Copyright © 2011 CA. All rights reserved.