Enabling the CDAS functionality

You can enable the extended CDAS functionality.

About this task

To enable the extended CDAS functionality:

Procedure

  1. You must update the [cert-map-authn] stanza in the WebSEAL configuration file as follows:

         [cert-map-authn]
         rules-file = file
         debug-level = level

     where:

     file
         The name of the rules file for the certificate mapping CDAS to use.
     level
         Controls the trace level for the module.

     For example:

         [cert-map-authn]
         rules-file = cert-rules.txt
         debug-level = 5

     Note: The level variable indicates the trace level, with 1 designating a minimal amount of tracing and 9 designating the maximum amount of tracing. You can also use the Security Verify Access pdadmin trace commands to modify the trace level by using the trace component name of pd.cas.certmap. This trace component is only available after the first HTTP request is processed.
  2. You can use the Local Management Interface (LMI) to modify the rules file (for example, cert-rules.txt) as required:
    1. Select Web > Global Settings > Client Certificate Mapping from the top menu. The Client Certificate Mapping management page displays.
    2. (Optional) If no rules files exist, you can click New to create a new rules file. Enter a name for the new file such as cert-rules.txt and click Save. A new file is generated that is based on the default template.
    3. Click the file that you want to manage, such as cert-rules.txt, from the available list of File Names.
    4. Click Edit.
    5. Update the file.
    6. Click Save.
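
After the stanza is edited, it can be checked offline before WebSEAL is restarted. The following Python sketch is an added example, not IBM code: it reads a copy of the configuration file and reports a missing [cert-map-authn] stanza, an empty rules-file entry, or a debug-level outside the 1 to 9 range given in the note. Assumptions: both entries are treated as required (as in the example above), `#` starts a comment line, and the function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample fragment of a WebSEAL configuration file (not from a real system).
SAMPLE_CONF = """\
[some-other-stanza]
some-key = value

[cert-map-authn]
# rules file for the certificate mapping CDAS
rules-file = cert-rules.txt
debug-level = 5
"""

STANZA_RE = re.compile(r"^\[([^\]]+)\]\s*$")


def read_stanza(text, stanza):
    """Return {key: value} for one stanza, or None if the stanza is absent."""
    entries, current, found = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' marks a comment
            continue
        match = STANZA_RE.match(line)
        if match:
            current = match.group(1).strip()
            found = found or current == stanza
        elif current == stanza and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip()] = value.strip()
    return entries if found else None


def check_cert_map_authn(text):
    """Return a list of problems found in the [cert-map-authn] stanza."""
    entries = read_stanza(text, "cert-map-authn")
    if entries is None:
        return ["[cert-map-authn] stanza is missing"]
    problems = []
    if not entries.get("rules-file"):
        problems.append("rules-file is not set")
    level = entries.get("debug-level", "")
    # The note above describes levels 1 (minimal) to 9 (maximum); nothing else is accepted.
    if not re.fullmatch(r"[1-9]", level):
        problems.append(f"debug-level {level!r} is not an integer from 1 to 9")
    return problems


if __name__ == "__main__":
    for problem in check_cert_map_authn(SAMPLE_CONF) or ["OK"]:
        print(problem)
```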