Enable the identity provider (IdP) to get the user identity from the
certificate itself.
This procedure enables the IdP to
get the user identity from the certificate itself. It also provides a warning for
certificate expiration.
How to
-
Log in to the Enterprise Application Access (EAA) Management Portal.
-
From the top menu bar, click .
-
Locate the IdP that you want to
enable for certificate-based validation.
-
Click the Settings (gear) icon to modify or configure
the settings of the identity provider.
-
In the General settings,
select the Certificate
validation.
The Certificate
preference menu appears.
-
Select the CA certificate issuer that you want to use to
validate the end user’s certificate.
-
In the Certificate identity
attribute menu, select the attribute that identifies the user in
the certificate.
-
If you want to enable a
certificate validation method, in the Certificate validation
method menu, select OCSP.
-
In the Select OCSP
field, select an OCSP.
-
If you entered a Validation URL
under , that will be used. If not, it will be extracted from the
certificate.
-
In the Certificate onboard
URL field, enter the URL where the user is redirected if no
certificate is provided.
-
If the certificate identity
selected in step 7 identifies the username, select Certificate identity is
username. When this option is selected, it enables
certificate-based authentication for a user.
-
In Certificate expiration
duration warning field, enter the number of days before which
the end user receives a warning message before the certificate expires. This is
optional.
-
To save the changes, click
Save and
exit or Save and go to
Directories.
Next steps
For changes to go into effect, Deploy the identity provider.