Implementation class |
The fully qualified class that implements the login module. com.sybase.security.core.CertificateAuthenticationLoginModule is the default class. |
Provider type |
LoginModule is the only supported value. |
Control flag |
Determines how success or failure of this module affects the overall authentication decision. optional is the default value. |
Clear password |
(Optional) If true, the login module clears the user name and password from the shared context. The default is false. |
Store password |
(Optional) If true, the login module stores the user name and password in the shared context. The default is false. |
Try first password |
(Optional) If true, the login module attempts to retrieve user name and password information from the shared context, before using the callback handler. The default is false. |
Use first password |
(Optional) If true, the login module attempts to retrieve the user name and password only from the shared context. The default is false. |
Enable revocation
checking |
(Optional) Enables online certificate status protocol (OCSP)
certificate checking for user authentication. If you enable
this option, you muse enable OCSP in
Unwired Server. This provider uses the
values defined as part of the SSL security profile. Revoked
certificates result in authentication failure when both of
these conditions are met: - revocation checking is enabled
- OCSP properties are configured
correctly
|
Regex for username certificate match |
(Optional) By default, this value matches that of the certificates common name (CN) property used to identify the user. If a mobile application user supplies a user name that does not match this value, authentication fails.
|
Trusted certificate
store |
(Optional) The file
containing the trusted CA certificates (import the issuer
certificate into this certificate store). Use this property
and Store Password
property to keep the module out of the system trust store.
The default Unwired Server system trust
store is SUP_HOME\Servers\UnwiredServer\Repository\Securitytruststore\truststore.jks.
If you do not specify a store location:: - Unwired Server
checks to see if a store used by the JVM (that is,
the one defined by the javax.net.ssl.trustStoreType system
property.
- If the system property is not
defined, then this value is used: ${java.home}/lib/security/jssecacerts
- If that location also doesn't exist,
then this value is used: ${java.home}/lib/security/cacerts
Note: This property is required only
if Validate certificate path is set to true.
|
Trusted certificate store
password |
(Optional)
The password required to access the trusted certificate
store. For example, import the issuer of the certificate you
are trying to authenticate into the shared JDK cacerts file
and specify the password using this property. Note: This property is required only if
Validate certificate path is set to
true.
However, you do not need to configure this value if the
default is
used.
The
default value is the value of the
javax.net.ssl.trustStorePassword
property.
|
Trusted certificate store
provider |
(Optional) The keystore provider. For
example, "SunJCE." Note: This property is
required only if Validate certificate path is set to
true.
However, you do not need to configure this value if the
default is
used.
The
default value is the value of the
javax.net.ssl.trustStoreProvider
property. If it is not defined, then the most preferred
provider from the list of registered providers that supports
the specified certificate store type is
used.
|
Trusted certificate store
type |
(Optional) The type of certificate store.
For example, "JKS." Note: This property is
required only if Validate certificate path is set to
true.
However, you do not need to configure this value if the
default is
used.
The
default value is the value of the
javax.net.ssl.trustStore property. If
this value is not defined, then default value is the
keystore type as specified in the Java security properties
file, or the string "jks" (Java keystore) if no such
property exists.
|
Validate certificate path |
If true (the default),
performs certificate chain validation of the certificate
being authenticated, starting with the certificate being
validated. Verifies that the issuer of that certificate is
valid and is issued by a trusted certificate authority (CA),
if not, it looks up the issuer of that certificate in turn
and verifies it is valid and is issued by a trusted CA. In
other words, it builds up the path to a CA that is in the
trusted certificate store. If the trusted store does not
contain any of the issuers in the certificate chain, then
path validation fails. For information about adding a
certificate to the truststore, see Using Keytool to Generate Self-Signed Certificates and
Keys in Security.
|