Perform this procedure to enable automated user login using a smart card. EPM System requires that an HTTP header named HYPLOGIN be used to pass the x509 certificate in PEM format to EPM System security (through the web server or offloader to the application server).
When users access a secure EPM System URL, a two-way secure communication channel is created between the client and the web server. After secure communication is established, the x509 personal certificate is carried in the request header from the web server to the application server to authenticate the user for SSO. The default EPM System authentication mechanism reads the user identity from the DN attribute of the certificate.
Configuring Client Certificate Authentication involves these tasks: