The following describes the process flow for logging in to Web Services configured with PKI authentication:
| Process | Description |
|---|---|
| Load the Digital Certificate and Extract | The digital certificate must be stored in secure storage on the user side, where it can be retrieved and used for logging in to Web Services. Examples of secure storage include the following: A user application should be able to load the digital certificate and extract the private key using appropriate APIs, depending on the user environment. |
| Create a Digital Signature of the Plain | After the private key is extracted from the digital certificate, it can be used to generate a digital signature of the policy code. Creating a digital signature encrypts a digest of a text with a private key. The digest algorithm must be standard SHA1, and the encryption algorithm should be RSA. The binary digital signature must also be converted to BASE64 text format before it can be used for logging in to Web Services. Depending on the user environment, appropriate API calls should be used to achieve this. |
| Invoke the Web Service Call | A user application should invoke the Web Services method loginServiceManaged(), passing the plain text policy code and the BASE64 text formatted digital signature of the policy code. |
| Obtain the Returned SID | If the access request is authenticated, a plain text SID is automatically returned. After a SID is generated, it establishes a successful binding between a Web Service session and an access policy. The user application can invoke other Web Services methods with this SID, and all of its access to Web Services is then controlled and managed by this access policy. |

Copyright © 2012 CA. All rights reserved.
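Both halves of the signature step, as an added example in Go that is not part of this documentation: the client-side SHA1 digest, RSA signature and BASE64 encoding the table describes, and the verification the service must perform against the certificate's public key before it returns a SID. The key pair is generated in-process for illustration only, and the function names and the sample policy code are assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"encoding/base64"
	"fmt"
)

// signPolicyCode is the client step: SHA1 digest of the plain-text policy
// code, RSA (PKCS#1 v1.5) signature with the private key, BASE64 text output.
func signPolicyCode(priv *rsa.PrivateKey, policyCode string) (string, error) {
	digest := sha1.Sum([]byte(policyCode))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA1, digest[:])
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(sig), nil
}

// verifyPolicySignature is the check the service must pass before issuing a
// SID: decode the BASE64 text, recompute the digest and verify it against the
// public key from the user's certificate. Tampered policy code, a wrong key or
// malformed BASE64 all fail.
func verifyPolicySignature(pub *rsa.PublicKey, policyCode, sigB64 string) bool {
	sig, err := base64.StdEncoding.DecodeString(sigB64)
	if err != nil {
		return false
	}
	digest := sha1.Sum([]byte(policyCode))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA1, digest[:], sig) == nil
}

func main() {
	// Hypothetical key; a real client loads it from the certificate in secure storage.
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	policy := "POLICY-EXAMPLE-01" // constructed sample policy code
	sigB64, err := signPolicyCode(priv, policy)
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine policy accepted:", verifyPolicySignature(&priv.PublicKey, policy, sigB64))
	fmt.Println("altered policy accepted:", verifyPolicySignature(&priv.PublicKey, policy+"-X", sigB64))
}
```

SHA1 is used because that is what the service specifies; rsa.SignPKCS1v15 and rsa.VerifyPKCS1v15 accept other crypto.Hash values should the service ever be updated.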