Introduction
WebSEAL uses the Cross Domain Authentication Service (CDAS) to authenticate a user and provide a Verify Identity Access user identity.
The client certificate user-mapping CDAS provides a mechanism by which WebSEAL can use the details of a client certificate to determine the corresponding Verify Identity Access user identity. The rules that govern the mapping of the client certificate are defined in XSL style notation.
Note: If no rules file is provided, by default the Verify Identity Access user identity is determined by the Subject DN
from the certificate.
The CDAS supports all user registries that Verify Identity Access supports.
The rules evaluation can return an LDAP search string. This string representation of the LDAP search filter must be in accordance with the format described in RFC 2254.