Certificate authorization – Sybase
recommends that you use CertificateValidationLoginModule for maximum
security. CertificateValidationLoginModule
validates the
user
certificate passed during mutual certificate authentication. Unlike
other methods, it confers no physical roles; therefore, the platform
administrator must create a logical role mapping. Typically, the
user
has a certificate that includes a Subject distinguished name containing
a common name (cn=TechnicalUser), so creates a logical role mapping
between the
logical
role and user:TechnicalUser in the
CN. To implement certificate authorization, see Setting Up
Authorization with Certificate
Validation
in Security.
Note: While explicitly mapping a certificate user name
for SUP Push User role in
\Sybase Control Center,
ensure there is a space after every comma. Example: user: CN:PushTest, OU=SSL Server, O=SAP-AG,
C=DE” . Further more, if you are using push
notification with strong mutual authentication, you can only use the
“Admin” security configuration. Ensure you add a
CertificateValidationLoginModule to the Admin security configuration
and and us it as the default security configuration in the
push-enabled domain. If any other security configuration is used, a
user not in Required role error
is generated in the client log.