Dear All, This x.509 certificate for CAS can we use this for Confluence and JIRA? If this is thru SSL Client Authentication how can the Confluence or JIRA identify who is the user that's going to log on then? Is there any diagram on information on how is the authentication affects the application?
Thank you. Kind Regards, BARBOSA Bernard Senior Administrator, System/Network MUSIC Group Macao Commercial Offshore Limited (Philippines) ROHQ IP Phone: 60651 ext 1245 Tel: +63 2 9028200 ext 1245 Email: infoservsys...@music-group.com Web: www.music-group.com | www.behringer.com | www.bugera-amps.com Build Teamwork Take Ownership Don’t Waste Resources Clean Workplace = Clean Mind Respect Guidelines and Policies Improve Yourself and Help Others Don’t Forget to Smile and Say Thank You This email is intended exclusively for the addressee(s) named above and may contain privileged and confidential information. If you are not (among) the intended recipient(s), you may not copy, utilize or distribute any of the information contained herein. If you have received this email in error, please notify us immediately via return email and delete the original from your mailbox. Thank you. -----Original Message----- From: Marvin Addison [mailto:marvin.addi...@gmail.com] Sent: Thursday, January 27, 2011 10:39 PM To: cas-dev@lists.jasig.org Subject: Re: [cas-dev] CAS Client or Agent > Can this X.509 resolves the issue like the CAS-SPNEGO experienced which is > popup shows up when using IE for basic authentication? Do our authentication > becomes seamless? How does this X.509 Certificate works? X.509 is considered a non-interactive authentication method, so if properly configured it would meet your needs. Another name for this authentication method is SSL client authentication; that's actually the more common name. I can't emphasize enough the importance of considering client integration issues in X.509 deployments. Since client browser configuration is required in order make the client certificate available during the SSL handshake, you must consider the cost in time and money for client configuration and management. In our case we use certificates on a hardware USB token, which requires additional setup. I would strongly recommend against hardware security devices in X.509 deployments unless you have an existing client software management solution in place; installing a "soft" certificate/key pair from a PKCS12 file is preferable. Search the Web for SSL client authentication for more information. M -- You are currently subscribed to cas-dev@lists.jasig.org as: bernard.barb...@music-group.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev -- You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
