Automation Anywhere ドキュメントを読んで確認する

Automation 360

コンテンツを閉じる

コンテンツ

コンテンツを開く

Configure Smart Card authentication installation procedure

  • 更新済み: 2022/02/14
    • Automation 360 v.x
    • インストール
    • RPA Workspace

Configure Smart Card authentication installation procedure

Configure the Control Room to authenticate users using the Smart Card option.

前提条件

このタスクは Control Room 管理者が実行します。このタスクを完了するには、十分な権利と権限が必要です。

Follow these steps to configure your Cloud Control Room to use Smart Card, X.509 certificate authentication.

手順

  1. Configure the secondary hostname to point to the Control Room load balancer.
    This process defines the secondary hostname used for authentication requests when the Control Room is configured for Smart Card authentication. The primary hostname is configured within the Control Room load balancer automatically. The secondary hostname must be configured within the DNS system used by the Control Room environment (add DNS entry for secondary host - external to CR)
  2. Obtain Java KeyStore with trusted CA certificates
    Configure the location the Control Room will check for Certificate Authority (CA) certificates used to authenticate user certificates for user logins.
    注: The certificates in this location are the server certificates for the CAs that will issue the user certificates.
    OptionAction
    Periodically scan the following location

    This setting allows the administrator to define the path to keystore file containing the CA certificates. Use this setting if you periodically update the CA truststore and set the frequency of the scan.

    Upload the KeyStore manually

    This setting allows the administrator to load a keystore file containing the CA certificates. Use this setting if your CAs are known and static and indicate whether or not the keystore is password protected. If the keystore is password protected, supply and confirm the password.

  3. Select the revocation checking method.
    Revocation checking configures the Control Room to reject authentication requests for certificates that have been revoked.
    OptionAction
    Online Certificate Status Protocol (OSCP) Use this setting if your CA had OSCP implemented.
    Certificate Revocation List Use this setting if you maintain a static list of revoked certificates.
    No Revocation Checking Using this setting the Control Room will not perform revocation check.
    注: This is not recommended for production deployments where revocation will typically be used.
  4. Use the other method if selected method fails
    This setting will attempt to use the non-selected method of revocation checking if the configured method fails.
  5. Allow user to authenticate even if revocation status cannot be determined
    Use this setting to assure users can authenticate if either of the revocation check method fails.
  6. Configure user name mapping.
    User name mapping specifies which attribute of the user certificate is used for the Control Room username. The user name must be configured in the Control Room prior to the user logging into the Control Room and must match the user name derived from the certificate.
    1. Obtain user name from
      Certificate subject
      Use this setting if the Control Room user name is the same as the string in the Subject field for the user certificate.
      Universal Principal Name
      Use this setting if the Control Room user name is the same as the string in the Universal Principal Name field for the user certificate.
    2. Use Regular Expression
      Enter Regular Expression that will filter the Control Room user name from the selected field of the user certificate. This may not be necessary if the Control Room user name is the same as the data within the selected certificate field.
  7. [次へ] をクリックします。
フィードバックを送る