Setting Up Client Certificate Authentication for Contenta Web

After you configure Tomcat and the web server to support PKI authentication, Contenta Web and Contenta Server setup is required to implement client certificate authentication for Contenta Web or to .

Procedure

  1. Change the value of the XYE_PDM_AUTHENTICATION system variable from its default of INTERNAL for Contenta Web and Contenta Server as follows:
    • In a Windows environment, set the value of XYE_PDM_AUTHENTICATION in the following registry keys:
      • Windows Contenta Web Registry Key: HKLM\Software\Wow6432Node\XyEnterprise\Content@\Web\Settings
      • Windows Contenta Server Registry Key: HKLM\Software\Wow6432Node\XyEnterprise\Content@ Server\3.0
    To implement client certificate authentication, set this value to EXTERNAL_CERT_AUTH.

    To implement client certificate authentication and configure the Contenta sysadmin desktop to use external authentication, set this value to EXTERNAL_CERT_LDAP_AUTH.

    • In a Linux environment, do one of the following:
      • Configure the cw.cshrc (Contenta Web) and pdm.cshrc (Contenta Server) files with one of the following values and re-source the files.
        • To implement client certificate authentication, set this value to EXTERNAL_CERT_AUTH.
        • To implement client certificate authentication and configure the Contenta sysadmin desktop to use external authentication, set this value to EXTERNAL_CERT_LDAP_AUTH.
      OR
      • Update the XYE_PDM_AUTHENTICATION key in unixuser.dat with one of the following values.
        • To implement client certificate authentication, set this value to EXTERNAL_CERT_AUTH.
        • To implement client certificate authentication and configure the Contenta sysadmin desktop to use external authentication, set this value to EXTERNAL_CERT_LDAP_AUTH.

        For example: ./fileregedit update "{Local Machine}" "/Software/XyEnterprise/Content@/Web/Settings" XYE_PDM_AUTHENTICATION STRING EXTERNAL_CERT_AUTH

  2. Configure the trust key between Contenta Server and Contenta Web by using the Contenta Password Manager utility (dbpwdmgr.exe) on both systems. For further information about the utility, see Using the Contenta Password Manager utility.
  3. Restart Apache HTTPD, Apache Tomcat, and Contenta Server for these changes to go into effect.
  4. For each Contenta Web desktop:
    1. Obtain and install a public key certificate in the client browser.
    2. Import the client certificate into the browser Java certificate store using the Java Control Panel.
    3. Set the path to the login screen to the location of the CWSSOLogin.jsp form.
    4. Configure the External User Id to match the user's Common Name (CN) in the certificate.
    You can use the setupexternaluserid utility to configure the User ID for each desktop. For more information, see Using the setupexternaluserid utility.
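
A quick check of step 1 on Linux, before the restart in step 3: the script below is an added example, not part of the Contenta documentation or tooling. It assumes cw.cshrc and pdm.cshrc set the variable with the csh form `setenv XYE_PDM_AUTHENTICATION <value>`, and that both files should carry the same mode; the function names are hypothetical and the file paths are passed as arguments.

```shell
#!/bin/sh
# Added example: audit XYE_PDM_AUTHENTICATION in cw.cshrc and pdm.cshrc.
# Assumption: the variable is set with csh syntax:
#   setenv XYE_PDM_AUTHENTICATION <value>

# Print the effective mode from one file. The last matching setenv wins,
# commented-out lines never match (their first field is not "setenv"),
# and INTERNAL (the documented default) is printed when nothing is set.
get_auth_mode() {
    [ -r "$1" ] || return 1
    awk '
        $1 == "setenv" && $2 == "XYE_PDM_AUTHENTICATION" { mode = $3 }
        END { print (mode == "" ? "INTERNAL" : mode) }
    ' "$1" | tr -d "\"'"          # drop optional quotes around the value
}

# Return 0 only when both files select the same client certificate mode.
# Return 1 on a wrong or mismatched mode, 2 when a file cannot be read.
check_auth_pair() {
    web=$(get_auth_mode "$1") || { echo "FAIL: cannot read $1"; return 2; }
    srv=$(get_auth_mode "$2") || { echo "FAIL: cannot read $2"; return 2; }
    for m in "$web" "$srv"; do
        case "$m" in
            EXTERNAL_CERT_AUTH|EXTERNAL_CERT_LDAP_AUTH) ;;
            *)  echo "FAIL: '$m' is not a client certificate mode"
                return 1 ;;
        esac
    done
    if [ "$web" != "$srv" ]; then
        echo "FAIL: Contenta Web=$web but Contenta Server=$srv"
        return 1
    fi
    echo "OK: Contenta Web and Contenta Server both use $web"
}

# Usage: sh check_auth.sh /path/to/cw.cshrc /path/to/pdm.cshrc
if [ "$#" -eq 2 ]; then
    check_auth_pair "$1" "$2"
fi
```

A FAIL result that names INTERNAL means one side was left at the default and is still using internal authentication.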