Role access control based on client certificate
AppScaler provides centralized and flexible application access authentication to consolidate identity access management infrastructure and realize enhanced security at a reduced operational cost.
Client certificate authentication and authorization prove the identity of the user and also verify that “you are permitted to do what you are trying to do”.
- When a user accesses a virtual service that has role access control enabled, such as enterprise application A/B/C, AppScaler requests a client certificate from the user for authentication.
- AppScaler parses the client certificate, extracts its information (the Common Name in the client certificate), and verifies the user's group against the certificate server (such as Active Directory) via the LDAP protocol. Only user groups permitted on the virtual service are granted access.
- If the user is not authenticated or is not in a permitted user group, the user cannot access the virtual service.
- If the user is authenticated, the user session is stored and the user can access the virtual services.
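The flow in the list above, as an added Python example that is not AppScaler's own code. It assumes the TLS layer has already validated the certificate chain and hands over the subject as an RFC 4514 string with character escapes only; the filter shape, `fake_lookup` and the directory entries are hypothetical stand-ins for the LDAP search.

```python
import secrets

# RFC 4515: characters that must be escaped inside an LDAP filter value.
FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00"}

def common_name(subject_dn):
    """Return the CN of an RFC 4514 subject; None if missing, empty or repeated."""
    rdns, cur, escaped = [], "", False
    for ch in subject_dn:
        if escaped or ch not in "\\,":
            cur, escaped = cur + ch, False
        elif ch == "\\":
            escaped = True
        else:  # an unescaped comma ends one RDN
            rdns.append(cur)
            cur = ""
    rdns.append(cur)
    pairs = (rdn.partition("=") for rdn in rdns)
    cns = [val.strip() for attr, _, val in pairs if attr.strip().upper() == "CN"]
    return cns[0] if len(cns) == 1 and cns[0] else None

def ldap_filter(cn):
    """Build the lookup filter (assumed shape) with the CN escaped."""
    return "(&(objectClass=user)(cn=%s))" % "".join(FILTER_ESCAPES.get(c, c) for c in cn)

def authorize(subject_dn, permitted_groups, lookup_groups, sessions):
    """Return a new session id if the CN is in a permitted group, else None."""
    cn = common_name(subject_dn)
    if cn is None:
        return None
    try:
        groups = lookup_groups(ldap_filter(cn))
    except Exception:
        return None  # directory unreachable: fail closed
    allowed = {g.lower() for g in permitted_groups}
    if not any(g.lower() in allowed for g in groups):
        return None
    sid = secrets.token_urlsafe(32)
    sessions[sid] = cn  # stored session: later requests present sid
    return sid

# Constructed directory standing in for the LDAP server: filter -> groups.
DIRECTORY = {
    "(&(objectClass=user)(cn=alice))": ["App-A-Users"],
    "(&(objectClass=user)(cn=bob))": ["Contractors"],
}

def fake_lookup(flt):
    return DIRECTORY.get(flt, [])
```

Because the Common Name is escaped before it reaches the filter, a certificate whose CN is `*` is looked up literally and matches no directory entry, so access is denied.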