Deployment
Learn how to deploy support for smart card authentication.
Road map
These are the main tasks to configure IBM® Security Access Manager for Enterprise Single Sign-On to provide smart card authentication.
- Ensure that the smart card middleware and reader driver are already installed on the computer. AccessAgent does not carry any drivers or middleware that might be necessary to support smart cards.
- Ensure that the IMS Server and AccessAgent are installed before the smart card authentication support deployment.
- Import all of the CA certificates from the issuer chain
into the IBM HTTP Server truststore.
You can import certificates in Base64 and DER format.
Consult your smart card vendor on how to get the smart card CA certificate.
- Enable two-way SSL on the IBM HTTP Server through the IBM Integrated Solutions Console.
- If the smart card contains a separate certificate for signing and encryption, you must do additional configurations.
- Create a smart card policy template through the SetupAssistant
in AccessAdmin.
You must add smart card as an authentication factor.
See the IBM Security Access Manager for Enterprise Single Sign-On Configuration Guide for the detailed procedures.