
Info. needed on Certificate-only Authentication

SOLVED
Powerman_
New Contributor

Info. needed on Certificate-only Authentication

Hi All,

I'm new to the IVE and forum so excuse the ignorance. I presently have 2 factor auth. (cert and AD) and SSO to Outlook2007/OWA working great on 6.3R2. I have created a different realm for users that I want to use certificate-only authentication. I cannot get it to work; I still get the login page. Apparently I'm missing something. Can I do SSO with cert-only auth.?

Some direction would be appreciated and remember I'm new to the IVE so don't worry about insulting me. All info. is appreciated.

muttbarker_
Valued Contributor

Re: Info. needed on Certificate-only Authentication

Hey Powerman - welcome to the forum - SSO w/certs - three steps:

#1- Create a client side cert from your internal cert server and import it into the SA box. This will be the cert that resides on client PCs and that the SA unit will match against. Import is done under the Config/Certs/Trusted Client CA's tab.

#2- Define an auth server for the certificate login process.

#3 - Define a user realm that uses that auth server for the auth process.

Very simple, straightforward - if you run into any issues post away.

Powerman_
New Contributor

Re: Info. needed on Certificate-only Authentication

Thanks for the info. and that confirms I was on the right track. Still having the same trouble so I'm missing something. Should the user cert be a browser cert or machine cert? I created a Certificate server for auth w/default settings on the IVE. Should I use authorization or authentication? Any suggestion?

muttbarker_
Valued Contributor

Re: Info. needed on Certificate-only Authentication

1- User cert should be a browser cert

2- Use the auth-server you defined for authentication to the realm. Then use whatever else for authorization / role mapping IE - LDAP....

3- When you downloaded the CA certificate for installing into the IVE did you use an encoding method of "Base 64"?

4- Does it read "trusted for client authentication"?

If you are still stuck I can send you the documentation (screen shots) that I did for my customers. We are resellers on this product so I put together a high level "how to" for my end user customers.

I am out of the office today but could pull it off my documentation server tomorrow and send it if it would help.

Message Edited by muttbarker on 02-03-2009 02:49 PM
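
The checks in points 3 and 4 above can be partly done outside the IVE with OpenSSL; this is an added example, not part of the thread or any vendor tooling. It tells a Base 64 (PEM) export from a binary (DER) one and confirms a user certificate chains to the CA and is usable for TLS client authentication; the demo CA, file names and subject names are constructed, and the IVE's own "Trusted Client CA" setting still has to be checked in the admin UI.

```shell
#!/bin/sh
# Added example (not from the thread). File and subject names are constructed.

# Print "pem" (Base 64), "der" (binary) or "unknown" for a certificate file.
cert_encoding() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1" &&
       openssl x509 -in "$1" -noout 2>/dev/null; then
        echo pem
    elif openssl x509 -in "$1" -inform DER -noout 2>/dev/null; then
        echo der
    else
        echo unknown
    fi
}

# Succeed only if the user cert ($2) chains to the CA ($1, PEM) and
# is acceptable for TLS client authentication.
client_cert_ok() {
    openssl verify -purpose sslclient -CAfile "$1" "$2" >/dev/null 2>&1
}

# Build a throwaway CA and two user certs in directory $1:
# one with the clientAuth usage, one with serverAuth only.
make_demo_pki() {
    d=$1
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
        'prompt=no' '[dn]' 'CN=Demo Internal CA' '[v3_ca]' \
        'basicConstraints=critical,CA:TRUE' > "$d/ca.cnf"
    openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 2 \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl x509 -in "$d/ca.pem" -outform DER -out "$d/ca.der"
    for use in clientAuth serverAuth; do
        echo "extendedKeyUsage=$use" > "$d/$use.ext"
        openssl req -new -config "$d/ca.cnf" -subj "/CN=demo-$use" \
            -newkey rsa:2048 -nodes -keyout "$d/$use.key" \
            -out "$d/$use.csr" 2>/dev/null
        openssl x509 -req -in "$d/$use.csr" -CA "$d/ca.pem" \
            -CAkey "$d/ca.key" -CAcreateserial -days 1 \
            -extfile "$d/$use.ext" -out "$d/$use.pem" 2>/dev/null
    done
}

demo=$(mktemp -d)
make_demo_pki "$demo"
echo "ca.pem encoding: $(cert_encoding "$demo/ca.pem")"
echo "ca.der encoding: $(cert_encoding "$demo/ca.der")"
client_cert_ok "$demo/ca.pem" "$demo/clientAuth.pem" && echo "clientAuth cert: accepted"
client_cert_ok "$demo/ca.pem" "$demo/serverAuth.pem" || echo "serverAuth-only cert: rejected"
```

Against real files, run `cert_encoding` on the CA export before importing it and `client_cert_ok` on a user certificate exported from the browser store.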

Powerman_
New Contributor

Re: Info. needed on Certificate-only Authentication

I'm embarrassed to say it but "I'm not smarter than a fifth grader". When I read the email you sent I realized that I was forgetting to change my sign-in page so it would not show the login page. If I had entered the realm only it would have worked. Thanks for the assistance and I'll get back to you about the file you sent.

You deserve KUDOS for this and as soon as I find how to do it, I will. Thanks Again

drf_
Contributor

Re: Info. needed on Certificate-only Authentication

Powerman,

You said that "I still get the login page." Are you saying that you cannot log in to the IVE with your certificate realm or that the SSO is not working and you get the OWA login page?

Make sure that your browser contains the correct Certificate Authorities and the "Trusted Client CA" in the IVE is set to allow Client Authentication.

cmcguire_
New Contributor

Re: Info. needed on Certificate-only Authentication

Kevin,

Wondering if you'd be able to shoot me a copy of your how-to/screenshot document for setting up Certificate authentication on the SSL platform. I've not done it before and it sounds like your doc would be a great help.

Thanks in advance.

Colin McGuire

muttbarker_
Valued Contributor

Re: Info. needed on Certificate-only Authentication

Sure - send me your email via private message and I will shoot you a copy.

MRK_
New Contributor

Re: Info. needed on Certificate-only Authentication

Hi, I have the same problem, can you forward me the documentation to kkd_mrk@yahoo.com?

Thanks in advance.

muttbarker_
Valued Contributor

Re: Info. needed on Certificate-only Authentication

Check your inbox!