Topic
  • 4 replies
  • Latest Post - ‏2013-09-05T09:55:58Z by FAli
SystemAdmin
SystemAdmin
9855 Posts

Pinned topic How to pass client certificate to back end application

‏2005-04-08T16:16:15Z |
We are using WebSeal 5.1 and certificate based user authentication. I would like to know how I can pass the client certificate to back end server.
Updated on 2005-04-15T08:57:27Z at 2005-04-15T08:57:27Z by SystemAdmin
  • SystemAdmin
    SystemAdmin
    9855 Posts

    Re: How to pass client certificate to back end application

    ‏2005-04-14T15:20:27Z  
    WebSeal does not have this features... and I think this is not possible because the certificate can be passed to the server only within a SSL handshake.
    If WebSeal should do that it should impersonify the end-user but actually for security design WebSedal can create a muthual authentication junction with its own certificate.

    hope this help
  • SystemAdmin
    SystemAdmin
    9855 Posts

    Re: How to pass client certificate to back end application

    ‏2005-04-14T18:54:21Z  
    I did not mean WebSeal should establish an SSL using the end user certficate. Rather what I am looking for is, configure WebSeal to pass just the end user cert as an attribute in the IVCredentials that it passes to the back end application.
  • SystemAdmin
    SystemAdmin
    9855 Posts

    Re: How to pass client certificate to back end application

    ‏2005-04-15T08:57:27Z  
    I did not mean WebSeal should establish an SSL using the end user certficate. Rather what I am looking for is, configure WebSeal to pass just the end user cert as an attribute in the IVCredentials that it passes to the back end application.
    I see..

    well I can see two possible solution:

    1) write a custom CDAS that allow client cert authentication and add the certificate as an extended attribute in the credential.. but I'm no sure how the cdas can interact with GSKIT api i order to get the certificate

    2) use the default CDAS library that add tag-value attribute to the credential in this case you need that any user certificate is stored in the LDAP person objectclass
    for more detail look at

    http://publib.boulder.ibm.com/tividd/td/ITAME/SC32-1359-00/en_US/HTML/am51_webseal_guide72.htm
  • FAli
    FAli
    77 Posts

    Re: How to pass client certificate to back end application

    ‏2013-09-05T09:55:58Z  

    Hello SystemAdmin,

    Have you solved this problem?

    I am trying to do the same thing.. In my case;

    1. client provides client certificate to webseal and logs in

    2. client accesses junction, the target application asks for client certificate.

    i want webseal to pass the client certificate to the target application.

    please help me how to achieve this.

    thanks in advance.

    Updated on 2013-09-08T05:59:49Z at 2013-09-08T05:59:49Z by FAli