How to enable and configure certificate-based authentication for an identity provider (IdP).

Note: If you are modifying a previously created identity provider (IdP), changes to the IdP do not take effect until the applications associated with the IdP are deployed.

How to

- Log in to the Enterprise Application Access (EAA) Management Portal.
- From the top menu bar, click .
- Locate the IdP that you want to enable for certificate-based authentication.
- Click the Settings (gear) icon to modify or configure the settings of the identity provider.
- In the General Settings, select the Certificate validation setting.
- Select the CA certificate issuer that you want to use to validate the end user's certificate.
- In the Certificate identity attribute menu, select the attribute in the certificate for the username.
- In the Certificate validation method menu, select either None or OCSP.
- If you select OCSP, the Select OCSP field appears.
- Select an OCSP from the list.
- Optionally, in the Certificate Onboard URL field, enter the URL where the user is redirected if no certificate is provided.
  Note: Leave the Certificate identity is username checkbox unselected.
- To save the changes, click Save and exit or Save and go to directories.

Next steps

For the changes to go into effect, deploy the identity provider.
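
Before choosing the CA certificate issuer, identity attribute and validation method in the steps above, it helps to confirm what a client certificate actually contains. The following is an added example, not part of the original documentation or the EAA product: it uses the openssl CLI on a throwaway CA and two client certificates constructed inline, and it assumes the identity attribute is the subject common name (the names alice and bob and the URL http://ocsp.example.test are made up for the demo).

```shell
#!/usr/bin/env bash
# Added example. Every name, subject and URL below is constructed for the demo.

# make_demo_pki DIR: throwaway CA plus two client certs
# (alice carries an OCSP responder URL, bob does not).
make_demo_pki() {
  dir=$1
  printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' 'prompt=no' \
    '[dn]' 'CN=Demo Root CA' '[v3_ca]' 'basicConstraints=critical,CA:TRUE' > "$dir/ca.cnf"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$dir/ca.cnf" \
    -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
  printf 'authorityInfoAccess=OCSP;URI:http://ocsp.example.test\n' > "$dir/alice.ext"
  printf 'keyUsage=digitalSignature\n' > "$dir/bob.ext"
  for user in alice bob; do
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/ca.cnf" -subj "/CN=$user" \
      -keyout "$dir/$user.key" -out "$dir/$user.csr" 2>/dev/null
    openssl x509 -req -in "$dir/$user.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
      -CAcreateserial -days 1 -extfile "$dir/$user.ext" -out "$dir/$user.pem" 2>/dev/null
  done
}

# check_client_cert CA_PEM CLIENT_PEM: one summary line covering
#   chain - does the client cert verify against the CA you plan to select as issuer?
#   cn    - the subject common name (assumed here to be the identity attribute)
#   ocsp  - the OCSP responder URL named in the certificate, if any
check_client_cert() {
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then chain=ok; else chain=fail; fi
  cn=$(openssl x509 -in "$2" -noout -subject -nameopt multiline \
        | sed -n 's/^ *commonName *= *//p')
  ocsp=$(openssl x509 -in "$2" -noout -ocsp_uri)
  echo "chain=$chain cn=${cn:-none} ocsp=${ocsp:-none}"
}

DEMO_DIR=$(mktemp -d)
make_demo_pki "$DEMO_DIR"
# Issued by the chosen CA and names a responder.
check_client_cert "$DEMO_DIR/ca.pem" "$DEMO_DIR/alice.pem"
# Issued by the chosen CA but carries no responder URL.
check_client_cert "$DEMO_DIR/ca.pem" "$DEMO_DIR/bob.pem"
# Wrong issuer chosen: the chain does not verify.
check_client_cert "$DEMO_DIR/alice.pem" "$DEMO_DIR/bob.pem"
```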