Introduction

WebSEAL uses the Cross Domain Authentication Service (CDAS) to authenticate a user and provide a Security Verify Access user identity.

The client certificate user-mapping CDAS provides a mechanism by which WebSEAL can use the details of a client certificate to determine the corresponding Security Verify Access user identity. The rules that govern the mapping of the client certificate are defined in XSL style notation. If no rules file is provided, by default the Security Verify Access user identity is determined by the Subject DN from the certificate.

The CDAS supports all user registries that Security Verify Access supports.

The rules evaluation can return an LDAP search string. This string representation of the LDAP search filter must be in accordance with the format described in RFC 2254.

• Example Rules
  The new CDAS gives the user more flexibility in mapping attributes contained within the certificate to the Security Verify Access user identity.
• Certificate User Mapping Rule language
  
• UMI XML document model
  
• Containers and XML UMI container names
  
• XML certificate model
  

Parent topic: Client Certificate User Mapping