
PKI bridge configuration

The PKI bridge is an interface between the MobileFirst Server and a business's public key infrastructure (PKI). Each realm definition that uses the WorklightCertificateAuthenticator must have a PKI bridge defined in its configuration.


User certificate identity versus standard MobileFirst user identity

The standard MobileFirst user identity contains basic user details and is built after a user realm is authenticated. The identity contains user name, display name, and extra attributes. The identity can be requested for each realm in a security test by authenticated resources, such as an adapter. For user certificate authentication, more details might be required, such as device ID and application name. These details are provided in the user certificate identity object that is sent to the PKI bridge.

A user certificate identity instance contains the following elements:


Custom PKI bridge interface

A custom PKI bridge can be implemented by extending the com.org.auth.ext.UserCertificatePKIBridge abstract class. The API for the PKI bridge abstract class can be found at UserCertificatePKIBridge.

