In the two-way SSL authentication mode, the plug-in authenticates the connected LDAP server, and the connected LDAP server also authenticates the plug-in. To use two-way SSL authentication, you must configure both a trust store and an identity store.
In the SSL Client Configuration field, click to select an SSL Client Configuration resource. If no SSL client configuration instance is available, click Create Shared Resource to create one:
In the Create SslClientResource Resource Template dialog, specify the resource folder, package, and resource name. Click Finish to create an SSL Client Provider resource.
In the Keystore Provider as Trust Store field, click to select a Keystore Provider resource.
The selected Keystore Provider resource provides access to a trust store. The plug-in accesses the keystore to verify the identity of the connected LDAP server.
If no Keystore Provider resource is available, click Create Shared Resource to create one. See Creating a Keystore Provider Resource for more details.
Select the Enable Mutual Authentication check box and configure an identity store:
Identity Store Provider: a Keystore Provider resource that provides access to the keystore of the client. The LDAP server accesses the keystore to verify the identity of the client.
If no identity Keystore Provider resource is available, click Create Shared Resource to create one. See Creating a Keystore Provider Resource for more details.
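The trust store and the identity store hold different material, and mixing them up is a common cause of failed mutual-authentication handshakes. The following added example (not part of the product documentation) uses OpenSSL to build lab material for both stores and to check each one before it is referenced from a Keystore Provider resource. The file names, certificate subjects, password, and the PEM and PKCS#12 formats are assumptions; convert the result to whatever keystore type your Keystore Provider resource uses.

```bash
#!/usr/bin/env bash
# Added example. All names, subjects and the password are constructed lab values.
set -eu
PASS=changeit

# Create a throwaway CA, a client certificate, and both stores in directory $1.
make_test_stores() {
  local d=$1
  # CA standing in for the issuer of the LDAP server certificate.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Lab LDAP CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  # Key pair and CA-signed certificate for the client (plug-in) side.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=ldap-plugin-client" \
    -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null
  openssl x509 -req -in "$d/client.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 30 -out "$d/client.pem" 2>/dev/null
  # Trust store material: the CA certificate only, never a private key.
  cp "$d/ca.pem" "$d/trust.pem"
  # Identity store: client private key plus its certificate, as PKCS#12.
  openssl pkcs12 -export -inkey "$d/client.key" -in "$d/client.pem" \
    -name client -passout "pass:$PASS" -out "$d/identity.p12"
}

# A trust store needs at least one certificate and must hold no private key.
check_trust_store() {
  grep -q "BEGIN CERTIFICATE" "$1" || return 1
  if grep -q "PRIVATE KEY" "$1"; then return 1; fi
}

# An identity store needs a private key and a certificate that chains to the
# CA file $2 (the issuer the LDAP server is expected to trust).
check_identity_store() {
  local key cert result
  key=$(openssl pkcs12 -in "$1" -passin "pass:$PASS" -nocerts -nodes 2>/dev/null) || return 1
  case $key in *"PRIVATE KEY"*) ;; *) return 1 ;; esac
  cert=$(openssl pkcs12 -in "$1" -passin "pass:$PASS" -nokeys -clcerts 2>/dev/null) || return 1
  result=$(printf '%s\n' "$cert" | openssl verify -CAfile "$2" 2>&1) || return 1
  case $result in *": OK"*) return 0 ;; *) return 1 ;; esac
}

demo_dir=$(mktemp -d)
make_test_stores "$demo_dir"
check_trust_store "$demo_dir/trust.pem"
check_identity_store "$demo_dir/identity.p12" "$demo_dir/trust.pem"
echo "trust and identity material are consistent"
rm -rf "$demo_dir"
```

If `check_identity_store` fails against the CA file the LDAP server actually trusts, the server will reject the client certificate during the handshake no matter how the plug-in side is configured.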