Enable certificate-based user validation in Akamai IdP

Enable the identity provider (IdP) to get the user identity from the certificate itself.

Before you begin

To use this feature, you must first Add a certificate to EAA from a trusted certificate authority (CA) to validate the client certificate, and associate that certificate with the application. The client certificate must be installed on the user's device.

If you want to create a new OCSP, see Create an online certificate status protocol (OCSP) and then return to this procedure.

This procedure enables the IdP to get the user identity from the certificate itself. It can also warn end users before their certificate expires.

How to

  1. Log in to the Enterprise Application Access (EAA) Management Portal.
  2. From the top menu bar, click Identity > Identity Provider.
  3. Locate the IdP that you want to enable for certificate-based validation.
  4. Click the Settings (gear) icon to modify or configure the settings of the identity provider.
  5. In the General settings, select Certificate validation.
  6. Select the CA certificate issuer that you want to use to validate the end user’s certificate.
  7. In the Certificate identity attribute menu, select the attribute that identifies the user in the certificate.
  8. If you want to enable a certificate validation method, in the Certificate validation method menu, select OCSP.
  9. In the Select OCSP field, select an OCSP.
  10. If you entered a Validation URL under System > OCSP, that URL is used for the OCSP check. If not, the OCSP responder URL is extracted from the certificate.
  11. In the Certificate onboard URL field, enter the URL where the user is redirected if no certificate is provided.
  12. If the certificate identity attribute selected in step 7 identifies the username, select Certificate identity is username. Selecting this option enables certificate-based authentication for the user.
  13. (Optional) In the Certificate expiration duration warning field, enter the number of days before the certificate expires at which the end user starts receiving a warning message.
  14. To save the changes, click Save and exit or Save and go to Directories.
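The steps above configure several decisions the IdP makes for each request: redirect to the onboard URL when no certificate is presented (step 11), pick the OCSP validation URL from the System > OCSP setting before falling back to the certificate (step 10), read the identity attribute (step 7), treat it as the username when step 12 is enabled, and warn within the expiration window (step 13). The following is an added illustration of that decision flow, not Akamai EAA code; the dataclass and field names are assumptions chosen to mirror the portal labels, and the client certificate is a constructed record rather than a parsed X.509 object.

```python
"""Model of the certificate-validation decisions configured in the procedure above.

Added illustration, not Akamai EAA code. Setting and field names are assumed;
the certificate below is a constructed record, not a parsed X.509 certificate.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass
class ClientCert:
    """Fields an IdP would read from a presented client certificate (constructed)."""
    subject: dict                       # e.g. {"CN": "...", "emailAddress": "..."}
    san: dict                           # e.g. {"rfc822Name": "...", "UPN": "..."}
    not_after: datetime                 # end of the validity period (UTC)
    aia_ocsp_url: Optional[str] = None  # OCSP responder URL from the AIA extension, if any


@dataclass
class CertValidationSettings:
    """Mirrors the IdP settings chosen in steps 6 through 13 (assumed names)."""
    identity_attribute: str             # step 7: e.g. "CN", "emailAddress", "UPN"
    identity_is_username: bool          # step 12
    onboard_url: str                    # step 11
    ocsp_enabled: bool                  # step 8
    ocsp_validation_url: Optional[str]  # step 10: Validation URL under System > OCSP
    expiry_warning_days: Optional[int]  # step 13


@dataclass
class Decision:
    action: str                         # "redirect", "reject", "authenticate" or "identify"
    detail: str
    username: Optional[str] = None
    ocsp_url: Optional[str] = None
    warning: Optional[str] = None


def extract_identity(cert: ClientCert, attribute: str) -> Optional[str]:
    """Step 7: read the configured identity attribute from the subject, then the SAN."""
    return cert.subject.get(attribute) or cert.san.get(attribute)


def resolve_ocsp_url(settings: CertValidationSettings, cert: ClientCert) -> Optional[str]:
    """Step 10: a configured Validation URL wins; otherwise fall back to the certificate."""
    return settings.ocsp_validation_url or cert.aia_ocsp_url


def expiry_warning(cert: ClientCert, warn_days: Optional[int], now: datetime) -> Optional[str]:
    """Step 13: warn once the remaining validity is within the configured window."""
    if warn_days is None:
        return None
    days_left = (cert.not_after - now).days
    if days_left <= warn_days:
        return f"certificate expires in {days_left} day(s)"
    return None


def evaluate(settings: CertValidationSettings, cert: Optional[ClientCert], now: datetime) -> Decision:
    """Run the modeled decision flow for one request."""
    if cert is None:  # step 11: no certificate presented
        return Decision("redirect", f"no client certificate presented; redirect to {settings.onboard_url}")
    if cert.not_after <= now:
        return Decision("reject", "client certificate has expired")
    ocsp_url = None
    if settings.ocsp_enabled:  # step 8
        ocsp_url = resolve_ocsp_url(settings, cert)
        if ocsp_url is None:
            return Decision("reject", "OCSP selected but no validation URL is configured or present in the certificate")
    identity = extract_identity(cert, settings.identity_attribute)
    if identity is None:
        return Decision("reject", f"certificate carries no {settings.identity_attribute} attribute")
    # Step 12: with "Certificate identity is username" the certificate alone authenticates;
    # otherwise (assumed behaviour) the identity is established and the user still authenticates.
    action = "authenticate" if settings.identity_is_username else "identify"
    return Decision(action, f"identity taken from {settings.identity_attribute}", username=identity,
                    ocsp_url=ocsp_url, warning=expiry_warning(cert, settings.expiry_warning_days, now))


# Constructed sample input (placeholder hosts, not real endpoints)
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
SETTINGS = CertValidationSettings(identity_attribute="CN", identity_is_username=True,
                                  onboard_url="https://onboard.example.invalid/enroll",
                                  ocsp_enabled=True, ocsp_validation_url="http://ocsp.example.invalid/",
                                  expiry_warning_days=30)
SAMPLE_CERT = ClientCert(subject={"CN": "jdoe", "emailAddress": "jdoe@example.invalid"},
                         san={"UPN": "jdoe@example.invalid"},
                         not_after=NOW + timedelta(days=10, hours=5),
                         aia_ocsp_url="http://ocsp-from-cert.example.invalid/")

if __name__ == "__main__":
    print(evaluate(SETTINGS, None, NOW))
    print(evaluate(SETTINGS, SAMPLE_CERT, NOW))
```

The sample settings enable OCSP with a configured Validation URL, so that URL is used rather than the one in the certificate; clearing `ocsp_validation_url` switches the model to the certificate's own responder URL, which is the fallback step 10 describes.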

Next steps

For changes to go into effect, Deploy the identity provider.