Certificate Authentication Properties

Add and configure authentication provider properties for CertificateAuthenticationLoginModule, or accept the default settings.

Note: This provider cannot be used for administrative security (in the "admin" security configuration).
CertificateAuthenticationLoginModule properties

Implementation class
  The fully qualified class that implements the login module. com.sybase.security.core.CertificateAuthenticationLoginModule is the default class.

Provider type
  LoginModule is the only supported value.

Control flag
  Determines how success or failure of this module affects the overall authentication decision. optional is the default value.

Clear password
  (Optional) If true, the login module clears the user name and password from the shared context. The default is false.

Store password
  (Optional) If true, the login module stores the user name and password in the shared context. The default is false.

Try first password
  (Optional) If true, the login module attempts to retrieve user name and password information from the shared context before using the callback handler. The default is false.

Use first password
  (Optional) If true, the login module attempts to retrieve the user name and password only from the shared context. The default is false.

Enable revocation checking
  (Optional) Enables Online Certificate Status Protocol (OCSP) certificate checking for user authentication. If you enable this option, you must also enable OCSP in Unwired Server. This provider uses the values defined as part of the SSL security profile. Revoked certificates result in authentication failure only when both of these conditions are met:
  • revocation checking is enabled
  • OCSP properties are configured correctly

Regex for username certificate match
  (Optional) By default, this value matches the certificate's common name (CN) property used to identify the user. If a mobile application user supplies a user name that does not match this value, authentication fails.

Trusted certificate store
  (Optional) The file containing the trusted CA certificates (import the issuer certificate into this certificate store). Use this property together with the Trusted certificate store password property to keep the module independent of the system trust store.
  The default Unwired Server system trust store is <UnwiredPlatform_InstallDir>\Servers\UnwiredServer\Repository\Securitytruststore\truststore.jks.
  Note: This property is required only if Validate certificate path is set to true.

Trusted certificate store password
  (Optional) The password required to access the trusted certificate store. For example, import the issuer of the certificate you are trying to authenticate into the shared JDK cacerts file and specify that file's password using this property.
  Note: This property is required only if Validate certificate path is set to true.

Trusted certificate store provider
  (Optional) The keystore provider, for example "SunJCE".
  Note: This property is required only if Validate certificate path is set to true.

Trusted certificate store type
  (Optional) The type of certificate store, for example "JKS".
  Note: This property is required only if Validate certificate path is set to true.

Validate certificate path
  If true (the default), performs certificate chain validation of the certificate being authenticated, starting with that certificate. The module verifies that the certificate's issuer is valid and is itself issued by a trusted certificate authority (CA); if not, it looks up the issuer of that issuer in turn and verifies that it is valid and issued by a trusted CA. In other words, it builds up the path to a CA that is in the trusted certificate store. If the trusted store does not contain any of the issuers in the certificate chain, path validation fails. For information about adding a certificate to the truststore, see Preparing Certificates and Key Pairs.
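The following added example (not Unwired Server or login-module code) shows what the trust store, path validation, revocation checking and user name regex properties amount to when expressed with the standard Java PKIX API. The file name, password, store type, CN regex and the chain presented by the client are all assumed values.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.security.auth.x500.X500Principal;

public class CertAuthCheck {
    // "Trusted certificate store", "... store password" and "... store type" properties
    // (file name, password and type here are assumed example values).
    static KeyStore loadTrustStore(String file, char[] password, String type) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);           // e.g. "JKS"
        try (FileInputStream in = new FileInputStream(file)) {
            ks.load(in, password);
        }
        return ks;
    }

    // "Validate certificate path": build the chain from the presented certificate up to
    // a CA held in the trust store; validation fails if no issuer in the chain is trusted.
    // "Enable revocation checking": when true, PKIX queries OCSP (responder taken from the
    // certificate's AIA extension) and a revoked certificate fails validation.
    static void validatePath(X509Certificate[] chain, KeyStore trustStore,
                             boolean revocationChecking) throws Exception {
        CertPath path = CertificateFactory.getInstance("X.509")
                .generateCertPath(Arrays.asList(chain));   // leaf first, anchor excluded
        PKIXParameters params = new PKIXParameters(trustStore);
        params.setRevocationEnabled(revocationChecking);
        if (revocationChecking) {
            // OCSP must also be switched on in the JVM, otherwise PKIX falls back to CRLs only.
            Security.setProperty("ocsp.enable", "true");
        }
        CertPathValidator.getInstance("PKIX").validate(path, params); // throws on failure
    }

    // "Regex for username certificate match": the regex (assumed default "CN=([^,]+)") is
    // applied to the subject DN and its first group is the user name the certificate
    // identifies; the name the mobile user supplied must equal it or authentication fails.
    static boolean userNameMatches(String suppliedUser, X509Certificate cert, String regex) {
        String dn = cert.getSubjectX500Principal().getName(X500Principal.RFC2253);
        Matcher m = Pattern.compile(regex).matcher(dn);
        return m.find() && m.group(1).equals(suppliedUser);
    }
}
```

A trust store that contains no trusted certificate entries makes the PKIXParameters constructor throw, which is the same failure a misconfigured Trusted certificate store property produces in the module.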
Related concepts
Certificate Security Provider
SAP SSO Token Security Provider
HTTP Basic Security Provider
Related tasks
Using Keytool to Generate Self-Signed Certificates and Keys