Configure SSL certificate based client authentication method for WebSphere Application Server
When we use client certificate authentication with our Web modules, the WebSphere security service attempts to map the data from the digital certificate to the user data of the selected user registry, which can be one of the following:
- LocalOS
The certificate Distinguished Name (DN) is parsed and the name between the first equals (=) and comma (,) is used as the mapped name. If the DN does not contain the "=", the complete name is used. If there is no "," in the DN, everything after the "=" is used as the name.
- LDAP
WebSphere provides two ways of matching client certificate information to LDAP: mapping by exact distinguished name, and mapping by filtering certificate attributes.
If the certificate successfully maps to a user, then the holder of the certificate is regarded as the user in the registry and is authorized as this user.
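The LocalOS rule above keeps only the first value in the DN, so it is worth checking which registry name each expected subject DN maps to and whether two different DNs map to the same name. The following is an added example, not WebSphere code: the function names and sample DNs are constructed, and it reads "comma" as the first comma after the first "=".

```python
from collections import defaultdict


def localos_mapped_name(dn: str) -> str:
    """Apply the LocalOS mapping rule described above to a subject DN."""
    eq = dn.find("=")
    if eq == -1:
        return dn                # no "=": the complete name is used
    comma = dn.find(",", eq + 1)
    if comma == -1:
        return dn[eq + 1:]       # no ",": everything after the "=" is used
    return dn[eq + 1:comma]      # text between the first "=" and the comma


def find_collisions(dns):
    """Return mapped names that more than one distinct DN resolves to."""
    by_name = defaultdict(list)
    for dn in dns:
        by_name[localos_mapped_name(dn)].append(dn)
    return {name: group for name, group in by_name.items() if len(group) > 1}


# Constructed sample subject DNs (not taken from any real deployment).
SAMPLE_DNS = [
    "CN=jsmith,OU=Payroll,O=Example Corp,C=US",
    "CN=jsmith,OU=Contractors,O=Example Partner,C=DE",
    "CN=appsvc",                       # no comma
    "appsvc-legacy",                   # no "=" at all
    # Escaped comma inside the CN. This shows a literal reading of the rule;
    # how the product treats escaped commas is not stated on this page.
    "CN=Smith\\, John,O=Example Corp",
]

if __name__ == "__main__":
    for dn in SAMPLE_DNS:
        print(f"{dn!r} -> {localos_mapped_name(dn)!r}")
    for name, group in find_collisions(SAMPLE_DNS).items():
        print(f"mapped name {name!r} is shared by {len(group)} DNs:")
        for dn in group:
            print(f"  {dn}")
```

Because the organization and issuer parts of the DN play no role in this mapping, the set of CAs in the server's trust store determines who can obtain a certificate that maps to a given local account.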