000022481 - How to configure a user defined certificate for use with CERTIFICATE based authentication methods.

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000022481

Applies To: RSA Access Manager 6.0 Entitlements Server (EServer)
RSA Access Manager 4.7 Agent for IIS

Issue: How to configure a user defined certificate for use with CERTIFICATE based authentication methods.
Error in Entitlement Manager:

Operation not supported (RC_OPERATION_NOT_SUPPORTED): certdn is mapped to dn, it can't be changed

Cause: By default, Access Manager uses the user's DN as the value to compare for certificate authentication. The DN of the user is an attribute, calculated from the fully qualified distinguished name (FQDN) of the user object. This value cannot be changed in the Entitlements Manager (AdminGUI). If you wish to use a different value for the certificate DNs, you must assign a new attribute of type string to hold the value and configure the ldap.conf file to reference it. The value of this attribute must be set for each user who has a certificate.

Resolution: In the ldap.conf file, change the value of the parameter cleartrust.data.ldap.user.attributemap.certdn from DN to another attribute such as ctscUserDN. (By default the schema is extended to support the attribute ctscUserDN for this purpose, but you can use any LDAP attribute of type string.)

Legacy Article ID: a37994
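
One way to populate the replacement attribute for every certificate holder, as an added example that is not RSA's code: the script builds LDIF modify records that set ctscUserDN per user. The user entries, certificate DNs and the duplicate-DN check are constructed assumptions, and each stored string has to match the form of the value the server compares.

```python
import base64

CERT_ATTR = "ctscUserDN"  # attribute named in the article; any string attribute works


def ldif_line(attr, value):
    """Return one LDIF line, base64-encoding values RFC 2849 calls unsafe."""
    raw = value.encode("utf-8")
    safe = (
        value != ""
        and all(0 < b < 128 and b not in (10, 13) for b in raw)
        and value[0] not in " :<"
        and not value.endswith(" ")
    )
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(raw).decode('ascii')}"


def build_ldif(mapping):
    """mapping: {user entry DN: certificate DN to store}. Returns LDIF text."""
    seen, records = {}, []
    for user_dn, cert_dn in sorted(mapping.items()):
        key = cert_dn.strip().lower()
        if not key:
            raise ValueError(f"empty certificate DN for {user_dn}")
        # Assumption: one certificate DN should identify exactly one user.
        if key in seen:
            raise ValueError(f"{cert_dn!r} assigned to {seen[key]} and {user_dn}")
        seen[key] = user_dn
        records.append("\n".join([
            ldif_line("dn", user_dn),
            "changetype: modify",
            f"replace: {CERT_ATTR}",
            ldif_line(CERT_ATTR, cert_dn),
            "-",
        ]))
    return "\n\n".join(records) + "\n"


# Constructed sample data, not taken from any real directory.
SAMPLE = {
    "uid=jdoe,ou=People,dc=example,dc=com": "CN=John Doe,OU=Staff,O=Example Corp,C=US",
    "uid=mmüller,ou=People,dc=example,dc=com": "CN=Märta Müller,O=Example Corp,C=SE",
}

if __name__ == "__main__":
    print(build_ldif(SAMPLE), end="")
```

The output can be reviewed and then applied with the directory's usual LDIF import tool.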
