Hitachi

uCosminexus Application Server Security Management Guide


5.3.3 WebCertificateLoginModule

WebCertificateLoginModule is the login module that authenticates users by using the client certificates authenticated by the Web server.

Important note

A Web server with SSL functionality is required to use WebCertificateLoginModule in the integrated user management framework.

During SSL authentication, the Web server requests a client certificate from the browser. WebCertificateLoginModule maps the distinguished name of the user requesting authentication, as given in that client certificate, to the user information repository.

To use this module, specify the following in advance in ua.conf (the integrated user management configuration file): the attribute name in the requesting user's distinguished name in the client certificate that serves as the user ID (cn), and the attribute name used to search the LDAP directory server (uid).

WebCertificateLoginModule reads this file and uses the client certificate to perform the authentication process. It then obtains the user ID from the client certificate and accesses the LDAP directory server. If authentication is successful, it returns the user attributes when they are found. If no user ID in the certificate is found, FailedLoginException is returned.
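
The mapping described above, as an added Java example that is not Hitachi's implementation: it extracts the user ID attribute (cn) from a certificate subject DN, escapes the value, and builds the LDAP search filter on uid. The class and method names are hypothetical, the DNs are constructed samples, and picking the most specific cn when several are present is an assumption the guide does not state.

```java
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.login.FailedLoginException;

// Added illustration; class and method names are hypothetical, not product code.
public class CertDnToLdapFilter {
    // Return the value of the most specific RDN whose type is certAttr (e.g. "cn").
    static String extractUserId(String subjectDn, String certAttr) throws FailedLoginException {
        List<Rdn> rdns;
        try {
            rdns = new LdapName(subjectDn).getRdns(); // index 0 is the right-most RDN
        } catch (InvalidNameException e) {
            throw new FailedLoginException("malformed subject DN");
        }
        for (int i = rdns.size() - 1; i >= 0; i--) { // walk from left-most (most specific)
            Rdn rdn = rdns.get(i);
            if (rdn.getType().equalsIgnoreCase(certAttr) && rdn.getValue() instanceof String
                    && !((String) rdn.getValue()).isEmpty()) {
                return (String) rdn.getValue();
            }
        }
        throw new FailedLoginException("no " + certAttr + " in client certificate subject");
    }

    // Escape per RFC 4515 so certificate content cannot change the filter's structure.
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            if ("\\*()\0".indexOf(c) >= 0) sb.append(String.format("\\%02x", (int) c));
            else sb.append(c);
        }
        return sb.toString();
    }

    static String buildFilter(String subjectDn, String certAttr, String ldapAttr)
            throws FailedLoginException {
        return "(" + ldapAttr + "=" + escapeFilterValue(extractUserId(subjectDn, certAttr)) + ")";
    }

    public static void main(String[] args) {
        // Constructed sample subject DNs, not taken from any real certificate.
        String[] samples = {"CN=user01,OU=Sales,O=Example,C=JP", "CN=j(doe)*,O=Example",
                            "OU=Sales,O=Example,C=JP"};
        for (String dn : samples) {
            try { System.out.println(buildFilter(dn, "cn", "uid")); }
            catch (FailedLoginException e) { System.out.println("rejected: " + e.getMessage()); }
        }
    }
}
```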

The following figure shows an overview of WebCertificateLoginModule.

Figure 5‒13: Overview of WebCertificateLoginModule

[Figure]