Leggi e rivedi la documentazione di Automation Anywhere

Automation 360

Chiudi contenuti

Contenuti

Apri contenuti

Configure Smart Card authentication installation procedure

  • Aggiornato: 2022/03/08
    • Automation 360 v.x
    • Installa
    • Spazio di lavoro RPA

Configure Smart Card authentication installation procedure

Configure the Control Room to authenticate users using the Smart Card option.

Prerequisiti

Per eseguire questa operazione, è necessario essere Control Room amministratore e disporre dei diritti e dei permessi necessari.

Follow these steps to configure your Cloud Control Room to use Smart Card, X.509 certificate authentication.

Procedura

  1. Configure the secondary hostname to point to the Control Room load balancer.
    This process defines the secondary hostname used for authentication requests when the Control Room is configured for Smart Card authentication. The secondary hostname is configured within the Control Room load balancer automatically. Both the primary and secondary hostnames must be configured within the DNS system used by the Control Room environment (add DNS entries for primary and secondary hostnames - external to Control Room).
  2. How to obtain Java KeyStore with trusted CA certificates.
    Configure the location the Control Room will check for Certificate Authority (CA) certificates used to authenticate user certificates for user logins.
    Nota: The certificates in this location are the server certificates for the CAs that will issue the user certificates.
    OptionAction
    Periodically scan the following location

    This setting allows the administrator to define the path to keystore file containing the CA certificates. Use this setting if you periodically update the CA truststore and set the frequency of the scan.

    Upload the KeyStore manually

    This setting allows the administrator to load a keystore file containing the CA certificates. Use this setting if your CAs are known and static and indicate whether or not the keystore is password protected. If the keystore is password protected, supply and confirm the password.

  3. Select the revocation checking method.
    Revocation checking configures the Control Room to reject authentication requests for certificates that have been revoked.
    OptionAction
    Online Certificate Status Protocol (OSCP) Use this setting if your CA has OSCP implemented.
    Certificate Revocation List Use this setting if you maintain a static list of revoked certificates.
    No Revocation Checking Using this setting the Control Room will not perform revocation check.
    Nota: This is not recommended for production deployments where revocation will typically be used.
  4. Use the other method if selected method fails
    This setting will attempt to use the non-selected method of revocation checking if the configured method fails.
  5. Allow user to authenticate even if revocation status cannot be determined
    Use this setting to assure users can authenticate if either of the revocation check method fails.
  6. Configure user name mapping.
    User name mapping specifies which attribute of the user certificate is used for the Control Room username. The user name must be configured in the Control Room prior to the user logging into the Control Room and must match the user name derived from the certificate.
    1. Obtain user name from
      Certificate subject
      Use this setting if the Control Room user name is the same as the string in the Subject field for the user certificate.
      Universal Principal Name
      Use this setting if the Control Room user name is the same as the string in the Universal Principal Name field for the user certificate.