Introduction

WebSEAL uses the Cross Domain Authentication Service (CDAS) to authenticate a user and provide a Security Verify Access user identity.

The client certificate user-mapping CDAS provides a mechanism by which WebSEAL can use the details of a client certificate to determine the corresponding Security Verify Access user identity. The rules that govern the mapping of the client certificate are defined in XSL style notation. If no rules file is provided, by default the Security Verify Access user identity is determined by the Subject DN from the certificate.

The CDAS supports all user registries that Security Verify Access supports.

The rules evaluation can return an LDAP search string. This string representation of the LDAP search filter must be in accordance with the format described in RFC 2254.

Parent topic: Client Certificate User Mapping