A client can mutually authenticate to the Enterprise Gateway through the exchange of
X.509 certificates. An X.509 certificate contains identity information
about its owner and is digitally signed by the Certificate Authority
that issued it.
A client presents such a certificate to the Enterprise Gateway while the
initial SSL/TLS session is being negotiated, in other words, during the
SSL handshake. The SSL Authentication filter extracts this information
from the client certificate and sets it as message attributes. These
attributes can then be used by subsequent filters in the policy.
The SSL Authentication filter can be used as a
decision-making node in the policy. For example, it can be used to
determine a path through a policy based on how users authenticate to
the Enterprise Gateway.
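
The flow described above, sketched in Python as an added example (it is not Enterprise Gateway code or configuration): a server context that requests a client certificate during the handshake, a function that turns the verified certificate into attributes, and a routing decision based on how the client authenticated. The attribute names, path names and sample certificate are constructed for illustration.

```python
import ssl

def make_server_context(ca_file=None, require_cert=True):
    """Server-side TLS context that asks the client for a certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # CERT_REQUIRED aborts the handshake when no valid client certificate is sent.
    # CERT_OPTIONAL completes it anyway and leaves the decision to later logic.
    ctx.verify_mode = ssl.CERT_REQUIRED if require_cert else ssl.CERT_OPTIONAL
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)  # CAs trusted to issue client certs
    # The server's own key pair (ctx.load_cert_chain) is omitted in this sketch.
    return ctx

SHORT = {"commonName": "CN", "organizationName": "O", "countryName": "C"}

def dn(rdns):
    """Flatten the nested RDN tuples returned by getpeercert() into one DN string."""
    return ",".join(f"{SHORT.get(k, k)}={v}" for rdn in rdns for k, v in rdn)

def cert_to_attributes(peercert):
    """Map SSLSocket.getpeercert() output to attributes (hypothetical names)."""
    if not peercert:  # None: the client presented no certificate
        return {"auth.method": "none"}
    subject = peercert.get("subject", ())
    cn = next((v for rdn in subject for k, v in rdn if k == "commonName"), None)
    return {
        "auth.method": "x509",
        "cert.subject.dn": dn(subject),
        "cert.subject.cn": cn,
        "cert.issuer.dn": dn(peercert.get("issuer", ())),
        "cert.serial": peercert.get("serialNumber"),
    }

def choose_path(attrs):
    """Decision node: pick a path based on how the client authenticated."""
    if attrs["auth.method"] == "x509":
        return "certificate-path"
    return "fallback-authentication-path"

# Constructed sample in the shape getpeercert() returns after verification.
SAMPLE_PEERCERT = {
    "subject": ((("countryName", "IE"),), (("organizationName", "Example Org"),),
                (("commonName", "client01"),)),
    "issuer": ((("commonName", "Example Test CA"),),),
    "serialNumber": "0A1B2C",
}
```

On a live connection the input would come from `conn.getpeercert()` on the accepted socket, which returns `None` when the context uses `CERT_OPTIONAL` and the client sent no certificate.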