User certificate authentication
Enterprises can now use X.509 client-side certificates to authenticate users, by applying a new user authentication realm to their existing security tests. This new realm is called UserCertificateAuthRealm. This feature allows enterprises to enroll users with their enterprise certificate authority (CA) directly from their mobile devices. The traffic between the MobileFirst application on the device and the MobileFirst Server in the enterprise can be secured over HTTPS with client-side certificates that are issued to the users as part of the initial enrollment process.
This feature is available only on the hybrid iOS and Android environments in the current release.
This feature is not supported with the FIPS 140-2 feature.
- User certificate authentication overview
The User Certificate Authentication feature is a newly introduced user authentication realm in IBM Worklight v6.1 that establishes user identity with an X.509 client certificate.
- Protecting resources with user certificate authentication
We can protect the application or adapter procedures with the user certificate authentication user realm.
- User certificate authentication on the server
Both the MobileFirst Server and its hosting application server must be configured to use the User Certificate Authentication feature. The application server must be configured for client-side SSL. The MobileFirst Server must be configured with a PKI bridge and an appropriate security test to use the feature.
- User certificate authentication on the client
The User Certificate Authentication feature requires little configuration on the client side. The MobileFirst client run time takes care of most of the heavy lifting on your behalf. There are, however, a few things to be aware of to ensure successful and secure communication with the server.
- Troubleshooting the User Certificate Authentication feature
Find solutions to problems with the User Certificate Authentication feature.