Configure Smart Card authentication installation procedure
Configure the Control Room to authenticate users using the Smart Card option.
This task is performed by the Control Room administrator. You must have sufficient rights and privileges to complete this task.
Configure the secondary hostname to point to the Control Room
This process defines the secondary hostname used for authentication requests when the Control Room is configured for Smart Card authentication. The primary hostname is configured within the Control Room load balancer automatically. The secondary hostname must be configured within the DNS system used by the Control Room environment (add a DNS entry for the secondary host; this is done outside the Control Room).
Obtain Java KeyStore with trusted CA certificates
Configure the location the Control Room will check for Certificate Authority (CA) certificates used to authenticate user certificates for user logins.
Note: The certificates in this location are the server certificates for the CAs that will issue the user certificates.
Option: Periodically scan the following location
Action: This setting allows the administrator to define the path to the keystore file containing the CA certificates. Use this setting if you periodically update the CA truststore, and set the frequency of the scan.
Option: Upload the KeyStore manually
Action: This setting allows the administrator to load a keystore file containing the CA certificates. Use this setting if your CAs are known and static, and indicate whether or not the keystore is password protected. If the keystore is password protected, supply and confirm the password.
Select the revocation checking method.
Revocation checking configures the Control Room to reject authentication requests for certificates that have been revoked.
Option: Online Certificate Status Protocol (OCSP)
Action: Use this setting if your CA has OCSP implemented.
Option: Certificate Revocation List
Action: Use this setting if you maintain a static list of revoked certificates.
Option: No Revocation Checking
Action: With this setting, the Control Room will not perform a revocation check.
Note: This is not recommended for production deployments where revocation will typically be used.
Use the other method if selected method fails
This setting will attempt to use the non-selected method of revocation checking if the configured method fails.
Allow user to authenticate even if revocation status cannot be
Use this setting to ensure users can authenticate if either of the revocation check methods fails. With it enabled, a certificate whose revocation status cannot be determined is accepted.
Configure user name mapping.
User name mapping specifies which attribute of the user certificate is used for the Control Room username. The user name must be configured in the Control Room prior to the user logging into the Control Room and must match the user name derived from the certificate.
Obtain user name from
- Certificate subject: Use this setting if the Control Room user name is the same as the string in the Subject field for the user certificate.
- Universal Principal Name: Use this setting if the Control Room user name is the same as the string in the Universal Principal Name field for the user certificate.
Use Regular Expression
Enter a regular expression that filters the Control Room user name from the selected field of the user certificate. This may not be necessary if the Control Room user name is the same as the data within the selected certificate field.
- Click [Next].
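A candidate regular expression for the user name mapping step can be checked offline against known certificate field values before it is entered. The following is an added example, not Control Room code. Assumptions: capture group 1 is taken as the user name, Python's `re` dialect stands in for whichever regex engine the Control Room uses, and all subject and UPN strings are constructed samples.

```python
import re

# Constructed sample data: certificate Subject string -> the Control Room
# user name that was created in advance for that user.
EXPECTED = {
    "CN=jdoe,CN=Users,DC=corp,DC=example": "jdoe",
    "CN=asmith,OU=Robotics,DC=corp,DC=example": "asmith",
}

def derive_user_name(field_value, pattern=None):
    """Derive a user name from a certificate field (Subject or UPN string).

    Assumption: with a pattern, capture group 1 is the user name (the whole
    match if the pattern has no group). Zero or several matches return None,
    so an ambiguous pattern never silently picks one of them.
    """
    if not pattern:
        return field_value
    matches = list(re.finditer(pattern, field_value))
    if len(matches) != 1:
        return None
    m = matches[0]
    name = m.group(1) if m.re.groups else m.group(0)
    return name or None

def check_mapping(expected, pattern=None):
    """Return {field_value: derived} for every entry that does not map to
    its expected user name; an empty dict means every sample maps cleanly."""
    failures = {}
    for field_value, user_name in expected.items():
        derived = derive_user_name(field_value, pattern)
        if derived != user_name:
            failures[field_value] = derived
    return failures

if __name__ == "__main__":
    # Unanchored: also matches the CN=Users container, so it is ambiguous.
    print(check_mapping(EXPECTED, r"CN=([^,]+)"))
    # Anchored to the first RDN: exactly one match per subject.
    print(check_mapping(EXPECTED, r"^CN=([^,]+),"))
    # UPN field with a fixed domain stripped (constructed value).
    print(derive_user_name("jdoe@corp.example", r"^([^@]+)@corp\.example$"))
```

The order in which the subject's components appear depends on how the product renders the certificate field, so build the sample strings from values copied out of real user certificates as the Control Room displays them.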