Sun Identity Manager 8.1 Business Administrator's Guide

Configuring X509 Certificate Authentication in Identity Manager

Procedure: To Configure X509 Certificate Authentication

  1. Log in to the Administrator Interface as Configurator (or with equivalent permissions).

  2. Select Configure, and then select Login to display the Login page.

  3. Click Manage Login Module Groups to display the Login Module Groups page.

  4. Select a login module group from the list.

  5. Select Identity Manager X509 Certificate Login Module from the Assign Login Module list. Identity Manager displays the Modify Login Module page.

  6. Set the login success requirement.

    The following values are acceptable:

    • Required. The login module is required to succeed. Irrespective of whether it succeeds or fails, authentication proceeds to the next login module in the list; if it failed, the login as a whole fails once the remaining modules have been evaluated. If it is the only login module and it succeeds, the administrator is successfully logged in.

    • Requisite. The login module is required to succeed. If it succeeds, authentication proceeds to the next login module in the list. If it fails, authentication does not proceed.

    • Sufficient. The login module is not required to succeed. If it does succeed, authentication does not proceed to the next login module, and the administrator is successfully logged in (provided no earlier Required login module in the list has failed). If it fails, authentication continues to the next login module in the list.

    • Optional. The login module is not required to succeed. Irrespective of whether it succeeds or fails, authentication continues to the next login module in the list.

  7. Select a login correlation rule. This could be a built-in rule or a custom correlation rule. (See the following section for information about creating custom correlation rules.)

  8. Click Save to return to the Modify Login Module Group page.

  9. Optionally, reorder the login modules (if more than one login module is assigned to the login module group), and then click Save. Order matters: the login success requirement of each module is applied in list order, so a module placed first can stop or decide the whole login before later modules are consulted.

  10. Assign the login module group to a login application if it is not yet assigned. From the Login Module Groups page, click Return to Login Applications, and then select a login application. After assigning a login module group to the application, click Save.


    Note –

    If the allowLoginWithNoPreexistingUser option is set to a value of true in the waveset.properties file, then when configuring the Identity Manager X509 Certificate Login Module, you are prompted to select a New User Name Rule. This rule determines how to name the new user that is created when the associated Login Correlation Rule finds no existing user. The New User Name Rule has the same available input arguments as the Login Correlation Rule. It returns a single string, which is the user name used to create the new Identity Manager user account. A sample new user name rule is included in idm/sample/rules, named NewUserNameRules.xml.
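The following is an added example, not code from Identity Manager or the Sun documentation. It simulates how a login module group is walked under the four login success requirements from step 6, so that the effect of the ordering chosen in step 9 can be checked before the group is assigned to a login application. Module names, outcomes and the group layouts are constructed for illustration. Two tie-break rules are assumed from JAAS, whose flags these requirements mirror: a Sufficient module's success does not rescue a login after an earlier Required module has failed, and a group made only of Optional modules needs at least one success.

```python
from enum import Enum
from typing import Iterable, List, Tuple


class Flag(Enum):
    """Login success requirements as listed in step 6."""
    REQUIRED = "Required"
    REQUISITE = "Requisite"
    SUFFICIENT = "Sufficient"
    OPTIONAL = "Optional"


# (module name, flag, whether this module would succeed for the login attempt)
Module = Tuple[str, Flag, bool]


def evaluate_login_module_group(modules: Iterable[Module]) -> Tuple[bool, List[str]]:
    """Walk a login module group in list order.

    Returns (login succeeded?, names of the modules that were actually invoked).
    The control flow follows the step 6 definitions; the two JAAS tie-break
    rules named in the lead-in are assumptions for Identity Manager.
    """
    invoked: List[str] = []
    required_failed = False   # a Required module failed but the walk went on
    any_succeeded = False

    for name, flag, succeeded in modules:
        invoked.append(name)
        any_succeeded = any_succeeded or succeeded

        if flag is Flag.REQUIRED:
            # Must succeed, but the remaining modules still run either way;
            # the overall verdict is only settled at the end of the list.
            if not succeeded:
                required_failed = True
        elif flag is Flag.REQUISITE:
            # Must succeed; a failure stops the walk immediately.
            if not succeeded:
                return False, invoked
        elif flag is Flag.SUFFICIENT:
            # A success ends the walk; nothing after it is consulted.
            if succeeded:
                return (not required_failed), invoked
        # Flag.OPTIONAL: the outcome never changes the walk.

    return (any_succeeded and not required_failed), invoked


if __name__ == "__main__":
    # Constructed scenario: a user with no client certificate but a valid
    # password, tried against two layouts of the same two modules.
    cert_absent = False
    password_ok = True

    recommended = [
        ("Identity Manager X509 Certificate Login Module", Flag.SUFFICIENT, cert_absent),
        ("Default Identity Manager Login Module", Flag.REQUIRED, password_ok),
    ]
    misordered = [
        ("Identity Manager X509 Certificate Login Module", Flag.REQUIRED, cert_absent),
        ("Default Identity Manager Login Module", Flag.SUFFICIENT, password_ok),
    ]
    for label, group in (("sufficient-first", recommended), ("required-first", misordered)):
        ok, ran = evaluate_login_module_group(group)
        print(f"{label}: login {'succeeded' if ok else 'failed'}; invoked {ran}")
```

Run stand-alone, the script shows that marking the X509 module Required and placing it first locks out every user who cannot present a certificate, even though the password module succeeds, whereas marking it Sufficient lets certificate holders skip the password module and everyone else fall through to it.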