Client-side certificate authentication modes

Client-side certificate authentication enables a user to use a client-side digital certificate to request an authenticated identity for use within an ISAM secure domain. When authentication is successful, WebSEAL obtains an ISAM identity used to build a credential for the user. The credential specifies the permissions and authorities to be granted to the user.

Client-side certificate authentication is disabled by default.

WebSEAL supports client-side certificate authentication in three different modes. The administrator must specify the appropriate mode at configuration time. The following sections describe each mode:

• Required certificate authentication mode
  In the required certificate authentication mode, WebSEAL always requires a client-side certificate with the first HTTPS request.
• Optional certificate authentication mode
  
• Delayed certificate authentication mode
  

Parent topic: Client-side certificate authentication