Version: 3.14.x.x LTS

Configuring X509 User authentication

To configure user authentication based on X509 certificates, first perform the tasks described in the chapter Configuring user authentication. In addition, configure the following attribute for the IdentityCreationFilter:

<init-param>
    <param-name>ch.nevis.isiweb4.ssl.SSLVerifyClient</param-name>
    <param-value>require</param-value>
</init-param>

This forces users to present a client certificate when accessing any location to which the IdentityCreationFilter is mapped. The accepted CAs must also be configured. The client certificate is sent to the authentication service nevisAuth, which extracts the user ID from the certificate.
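
To confirm that the attribute is actually set on every IdentityCreationFilter instance, a deployment descriptor can be checked automatically. The following is an added example, not code from the Nevis documentation. It assumes the filters are declared as servlet-style <filter> elements and can be recognised by "IdentityCreationFilter" in the filter name or class; the sample descriptor, filter names and class names are constructed placeholders.

```python
import xml.etree.ElementTree as ET

PARAM = "ch.nevis.isiweb4.ssl.SSLVerifyClient"

# Constructed sample descriptor; filter names and classes are placeholders.
SAMPLE = """<web-app>
  <filter>
    <filter-name>IdentityCreationFilter_Cert</filter-name>
    <filter-class>PLACEHOLDER.IdentityCreationFilter</filter-class>
    <init-param>
      <param-name>ch.nevis.isiweb4.ssl.SSLVerifyClient</param-name>
      <param-value>require</param-value>
    </init-param>
  </filter>
  <filter>
    <filter-name>IdentityCreationFilter_Admin</filter-name>
    <filter-class>PLACEHOLDER.IdentityCreationFilter</filter-class>
  </filter>
  <filter>
    <filter-name>LoggingFilter</filter-name>
    <filter-class>PLACEHOLDER.LoggingFilter</filter-class>
  </filter>
</web-app>"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop an XML namespace prefix if present

def child_text(elem, name):
    for child in elem:
        if local(child.tag) == name:
            return (child.text or "").strip()
    return None

def audit(xml_text):
    """Map each IdentityCreationFilter name to 'ok' or a finding."""
    findings = {}
    for f in ET.fromstring(xml_text).iter():
        if local(f.tag) != "filter":
            continue
        name = child_text(f, "filter-name") or ""
        cls = child_text(f, "filter-class") or ""
        if "IdentityCreationFilter" not in name + cls:
            continue  # other filters are out of scope for this check
        value = None  # stays None when the init-param is missing entirely
        for p in f:
            if local(p.tag) == "init-param" and child_text(p, "param-name") == PARAM:
                value = child_text(p, "param-value")
        findings[name] = "ok" if value == "require" else f"not enforced (value={value!r})"
    return findings
```

Calling audit() on the descriptor text returns one entry per IdentityCreationFilter, so a filter that is mapped to a location but does not require a client certificate shows up as a finding.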

Configuring WebLogic

Follow the steps described in SAML 2.0 Metadata specification and configure your WebLogic server as a SAML 2.0 service provider. You will have to import the metadata file you created in the previous step to register your Nevis instance as a SAML 2.0 identity provider.

For debugging purposes, it can be useful to enable weblogic.security.saml2 debug tracing. The WebLogic server should now use the Nevis instance for federated authentication using SAML 2.0.