Maintaining the User's Certificate Information 

Use

When using SSL and client certificates for user authentication, the user is identified using a client certificate. To allow the J2EE Engine to identify users, their client certificate must be available in their user account on the J2EE Engine. There are several options:

·        The administrator imports users certificates manually and adds them to the user’s data. The following procedure describes the steps required.

·        Users map their own certificates to their user ID at logon. The administrator does not need to perform any steps.

·        Users’ certificates are already stored as a user attribute on the LDAP directory. In this case you need to map the relevant attributes. For more information, see Attribute Mapping for Client Certificates. You do not need to perform the steps in the following procedure.

Prerequisites

The UME property ume.logon.allow_cert is set to TRUE. For more information about how to change UME properties, see Editing UME Properties.

You have user administration rights for using the UME user management administration console.

Procedure

...

       1.      Start the UME user administration management console using the URL http://<server>:<port>/useradmin.

       2.      Log on as a user administrator.

       3.      Use the Search function to obtain the user you want to maintain.

       4.      Modify the user.

       5.      Maintain the user’s certificate in the Certificates section by choosing the symbol for Add Certificate.

If the Certificates section does not appear, then check the UME parameter ume.logon.allow.cert. Restart the server if you change this parameter.

       6.      Save changes.

Result

The user can log on to the J2EE Engine using SSL and this client certificate for authentication.