Configuring WebSEAL to use the certificate mapping moduleEdit online ProcedureCheck the accept-client-certs entry within the [certificate] stanza. The value of this entry should be required, optional, or prompt_as_needed. This determines if and when a user is prompted to provide a client certificate by the browser. For more details about the different values for this entry, see Client-side certificate authentication modes.Save the configuration file. Restart WebSEAL to implement the updates. Constructing the XSLT rules fileYou can use the mapping module to define flexible rules that allow mapping of certificate attributes to a user identity. The user identity can be a Verify Identity Access user ID. For example, testuser. Alternatively, the user identity can be the user DN as found in the registry. For example, cn=testuser, o=ibm,c=au.Validating a successful module mappingTo confirm a successful module mapping for users, ensure that a Verify Identity Access policy is set for a protected resource to refuse unauthenticated users and allow authenticated ones. Parent topic: Client Certificate User Mapping