Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

How to configure Client Certificate Authentication with Jazz Authorization Server (JTS 6.0.1)?

Hello, I am trying to set up Client Certificate Authentication with JTS 6.0.1 using Jazz Authorization Server (JAS) so that a user can log in with a certificate only and not have to enter a name and password.

I followed the instructions here to enable client certificate authentication. The problem is, it does not appear to do anything. 

I am using the flat localUserRegistry.xml as my user database, and I set up a demoCA using OpenSSL and issued myself a certificate with the Common Name "ADMIN". I have installed the certificate in my browser; however, when I go to authenticate, JAS still presents me with the FORM authentication, and I can log in using any of the users in localUserRegistry.xml. The certificate appears to do nothing at all.

I feel like I am missing a next step, especially with regard to authenticating without a password. I cannot find any other documentation on configuring Client Certificate Authentication with Jazz Auth Server. Help!!

0 votes



One answer

If I understand correctly, the linked document is a bit misleading, particularly with the first sentence. When a client certificate (for an SSL connection) is configured (to be required), a client _has to_ provide a certificate in order to establish an SSL connection with the server. The client certificate does not appear to have anything to do with the SSO protocol (SAML) that JAS is using. In other words, I don't think configuring a client certificate can eliminate the need for a prompt for username and password.

I think you should be looking at the Kerberos SSO option.
https://www-01.ibm.com/support/knowledgecenter/SSYMRC_6.0.2/com.ibm.jazz.install.doc/topics/c_kerSso_config.html?lang=en

0 votes


Question asked: Feb 24 '16, 5:29 p.m.

Question was seen: 5,778 times

Last updated: Feb 24 '16, 10:01 p.m.
