Configuring Client Certificate Authentication
Composer supports X.509 client certificate authentication. However, note that auto-provisioning of user accounts is not available for client certificate authentication.
To use the X.509 authorization you need to:
- Enable the X.509 option in the Security Services section
- Configure the required properties in the
Composer does not support auto-provisioning of user accounts for client certificate authentication.
For guidance on accessing and editing a Composer property file, refer to the topic Configure Your Composer v6 Installation.
Add the following settings to your
server.ssl.trust-store-type= <use_either_jks_or pkcs12>
For each user, create an user account in Composer with the username set to the 'CN' in the user's certificate.
Challenges you may run into:
User is never prompted to select a certificate:
- Make sure you have added at least one CA to the trust-store file.
- Verify server.ssl.client-auth is set to want.
Selecting login brings me back to the login page:
- Make sure the username matches the CN of the certificate being used.
- Make sure the client certificate is signed by a CA in the trust-store.
For further troubleshooting assistance, contact Composer Technical Support.