Symantec SiteMinder

 View Only

Tech Tip : CA Single Sign-On :CA Access Gateway:Auth/AZ Web Service with Certificate Authentication

By Ujwol posted Nov 24, 2016 01:20 AM

  

Summary:

In this guide, we will see how to invoke REST Auth/AZ web service and pass the required client certificate when it is protected with X.509 certificate authentication scheme.

Environment:

  • Web Agent/Policy Server: 12.52 and above
  • OS : ANY

Pre-requisites :

  • The root resource (/authazws/) for Auth/AZ web service is protected with X.509 Authentication scheme.
  • The web server (Apache) component of Apache is configured for SSL connectivity.
  • Client (user) certificate for the Authorised users are created.

Instructions:

 

TEST 1: REST Client (e.g SOAPUI)

This needs configuring SOAPUI with the X.509 certificate authentication.

This has been detailed quite well here : How to configure SoapUI with client certificate authentication 

 

 


TEST 2: REST Client ( e.g Java)

1. Add the CA cert which signed the SPS Apache server certificate to the java key store as trusted CA:

e.g. keytool -importcert -trustcacerts -alias ad2k8-01 -file RootCA-ad2k8-01.cer -keystore cacerts -storepass changeit -v

 

2. Modify the following properties in UserAuthenticationServiceImpl.java as per your environment

3. Modify the JDK home in the java-build.bat and java-run.bat (windows)

4. Compile the Test class by running java-build.bat (windows)

5. Execute the class by running java-run.bat (windows)

  Sample output :

 

Additional Information

2 comments
13 views