Configuring Spotfire Server to use X.509 client certificates to authenticate users

This procedure configures the server process for authenticating users with client certificates.

This configuration is done on the command line.

Prerequisites

You have performed the first four steps in the topic Authentication using X.509 client certificates.

Procedure

  1. Use the command config‐client‐cert‐auth to configure the client certificates authentication. For more information, see Executing commands on the command line.
  2. Use the command config-auth to apply the X.509 client certificates single sign-on authentication method.
    Note: If you intend to use an LDAP user directory, an attribute in the certificate's Distinguished Name (DN) must match an LDAP account name. By default, the server will use the Common Name (CN) attribute as account name. Use the configuration tool or the config‐client‐cert‐auth command to configure the server to use another attribute as account name.
    Examples
    • Using the entire DN as account name: 
      config config-client-cert-auth --name-attribute="DN"
      This will use the entire DN as account name.
    • Using the Subject Alternative Name of type rfc822Name as account name: 
      config config-client-cert-auth --name-attribute="subjectAltName:rfc822Name"
      This will use a Subject Alternative Name as account name.