Oracle® Communications Connector for Microsoft Outlook Administration Guide
Release 8.0.2

E55106-01

11 Certificate-based Authentication for Connector for Microsoft Outlook

This chapter provides an overview of certificate-based authentication for Oracle Communications Connector for Microsoft Outlook.

Overview

Certificate-based authentication is one of the most secure authentication methods. Instead of passwords, it uses digital certificates stored locally on the system (or on a smart card, for example) to authenticate a user.

Connector for Microsoft Outlook supports certificate-based authentication for the following back-end services:

  1. Mail access service: IMAP + SSL, IMAP + STARTTLS

  2. Mail transport service: SMTP + SSL

  3. Calendar service: WCAP + SSL

  4. Address Book Service: WABP + SSL

  5. Corporate Directory: LDAP + SSL

  6. User preferences: LDAP + SSL

Connector for Microsoft Outlook supports smart-card certificates and software digital certificates.

Using Certificate-based Authentication with Outlook Connector

When a user logs in to Connector for Microsoft Outlook, Outlook determines from the server's response to the connection attempt whether the server has been configured for certificate-based authentication. If the server is configured for certificate-based authentication, Connector for Microsoft Outlook searches the local system for eligible certificates with which to log in to the server.

The eligible certificates are filtered by:

  1. Certificates issued by a CA that the back-end servers trust.

  2. Unexpired certificates.

  3. Certificates that can be used for SSL client authentication.

Connector for Microsoft Outlook prompts the user with the list of eligible certificates. The user selects the certificate with which to authenticate to the back-end server. If certificate-based authentication fails, Connector for Microsoft Outlook falls back to password-based authentication and prompts the user to enter a password to log in. This is also the case if the user doesn't select any certificate from the list.
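When a certificate a user expects is missing from that list, an administrator can check it against the three filters by hand. The following PowerShell is an added example, not Oracle code, and only approximates the Connector's selection: it assumes the certificates are in the current user's personal Windows store, and `$TrustedIssuers` is a constructed placeholder for the issuer names of the CAs your back-end servers trust.

```powershell
# Added example (not Oracle code): approximate the three eligibility filters
# (trusted issuer, unexpired, usable for SSL client authentication).
# $TrustedIssuers holds constructed placeholder values; replace them with the
# exact issuer DNs of the CAs your back-end servers are configured to trust.
$TrustedIssuers = @('CN=Example Corp Issuing CA, O=Example Corp, C=US')
$ClientAuthOid  = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth (TLS client authentication)
$Now            = Get-Date

function Test-ClientAuthUsage {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $eku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    # Assumption: a certificate without an EKU extension is unrestricted
    # and is treated here as usable for client authentication.
    if (-not $eku) { return $true }
    return [bool]($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $ClientAuthOid })
}

Get-ChildItem Cert:\CurrentUser\My | ForEach-Object {
    $cert    = $_
    $reasons = @()
    # Exact string comparison: the DN must match the store's formatting.
    if ($TrustedIssuers -notcontains $cert.Issuer) {
        $reasons += 'issuer not in trusted CA list'
    }
    if ($cert.NotAfter -lt $Now) {
        $reasons += 'expired'
    }
    if (-not (Test-ClientAuthUsage $cert)) {
        $reasons += 'EKU does not allow client authentication'
    }
    [pscustomobject]@{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        Eligible   = ($reasons.Count -eq 0)
        Reasons    = ($reasons -join '; ')
    }
} | Format-Table -AutoSize -Wrap
```

A row with `Eligible` set to `False` names the filter that would exclude that certificate under these assumptions.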

Note:

If a user's profile is configured by an administrator to only support certificate-based authentication, the user will never be prompted for a password.

If certificate-based authentication fails and password-based authentication succeeds for the mail server, then certificate-based authentication will not be attempted for other back-end services, such as SMTP, CS, AB and LDAP. If certificate-based authentication succeeds, then certificate-based authentication will be attempted with other back-end services first. If certificate-based authentication fails, password-based authentication will be attempted.

If a user mistakenly chooses a certificate different from the one used during the last login, the user is warned that the certificate differs from the one used in the previous attempt and is given an option not to continue.

Caution:

If both certificate-based and password-based authentication fail with the mail server, Connector for Microsoft Outlook will not proceed to authenticate with other back-end services such as Address Book, Calendar Server and LDAP server.

Configuration

An administrator can configure a Connector for Microsoft Outlook user profile so that an authentication certificate is used with the back-end services without the user having to choose the certificate.

A user can configure a Connector for Microsoft Outlook profile so that the certificate information is saved, allowing the user to log in without being prompted to select an authentication certificate.