User guide
Chapter 1: Overview
To use SSL Accelerator during Interstage Single Sign-on operations, set up SSL Accelerator as
follows:
Client Authentication
When the authentication method is "certificate authentication" or "password authentication and
certificate authentication," select "client authentication". For details about the configuration method,
refer to the relevant SSL accelerator instruction manual.
Notification of Certificate
When the authentication method is "certificate authentication" or "password authentication and
certificate authentication," define the HTTP header to notify the authentication server of the
certificate sent from the client. For details about the configuration method, refer to the relevant SSL
accelerator instruction manual.
The defined HTTP header must be set on the authentication server. On the Interstage
Management Console, select [System] > [Security] > [Single Sign-on] > [Authentication
infrastructure] > [Authentication server] > [Settings] > [Detailed Settings [Show]]. Then, set the
defined HTTP header name as [HTTP header name for user certificate acquisition] under
[Certificate Authentication Settings].
This setting is not required when SSL Accelerator is used for the business system.
For details about the configurations on the Interstage Management Console, refer to the Operator’s
Guide.
Notes
• When client authentication is enabled, the certificate to be used must always be selected when
authentication is requested. If certificate transmission is cancelled, SSL Accelerator discontinues
communication processing. Set up the authentication server so that the validity of the certificate is
checked.
• When the authentication method is "password authentication and certificate authentication," the
authentication operation in linkage with SSL Accelerator cannot be performed. If certificate
authentication fails or no certificate is presented, SSL Accelerator discontinues communication
processing, and access to the target resource, which is requested by displaying the following
window (Figure 1-34), is cancelled.
• If an expired certificate is used in a high-performance system in which SSL Accelerator is
installed between the client and the authentication server, the message "500 Internal Server Error" may be
sent to the Web browser. If this occurs, acquire a new certificate and register it in the Web browser.