Enable the CDAS functionality
We can enable the extended CDAS functionality.
To enable the extended CDAS functionality:
Steps
- Update the [cert-map-authn] stanza in the WebSEAL configuration file as follows:
[cert-map-authn] rules-file = file debug-level = levelwhere:
- file
- The name of the rules file for the certificate mapping CDAS to use.
- level
- Controls the trace level for the module.
For example:
[cert-map-authn] rules-file = cert-rules.txt debug-level = 5The level variable indicates the trace level, with 1 designating a minimal amount of tracing and 9 designating the maximum amount of tracing. We can also use the ISAM pdadmin trace commands to modify the trace level using the trace component name of pd.cas.certmap. This trace component is only available after the first HTTP request is processed.
- We can use the Local Management Interface (LMI) to modify the rules file (for example, cert-rules.txt) as required:
- Select Web > Global Settings > Client Certificate Mapping from the top menu. The Client Certificate Mapping management page displays.
- (Optional) If no rules files exist, we can click New to create a new rules file. Enter a name for the new file such as cert-rules.txt and click Save. A new file is generated that is based on the default template.
- Click the file to manage, such as cert-rules.txt, from the available list of File Names.
- Click Edit.
- Update the file.
- Click Save.
Parent topic: How to manage the CDAS