Using Client Certificate Authentication
You can configure Contenta Web to authenticate users with Client Certificate (PKI/X.509) authentication. For this authentication, Contenta Web will depend on web server (Tomcat) receiving the user information from a user certificate.
Contenta Web can be configured to allow users to log in using Client Certificate Public Key Infrastructure (PKI) authentication. To enable client certificate authentication, a public key certificate must be obtained from a certificate authority (CA) and installed on the user's web browser. Once the user has provided authentication to the operating system, such as with a Common Access Card (CAC), the Contenta Web server uses this certificate to authenticate the user's credentials. Contenta Web client certificate authentication is based on the X.509 standard issued by the ITU Telecommunication Standardization Sector (ITU-T).
To log in to Contenta Web using certificate authentication, the user navigates to the following URL using a fully qualified host name:
https://<host_name>/cw/standard/code/CWSSOLogin.jsp
Set up to enable PKI authentication consists of the following tasks:
- Set the XYE_PDM_AUTHENTICATION system variable to require certificate authentication.
- Configure a trust key between Contenta Web and Contenta Server.
- Obtain and install a public key certificate on the client browser.