Specifications
Chapter 6: Authentication Using External Servers
6-34
Mapping
Transparent
Certificate
attributes to
roles
3. Define the rules to determine if the user is authenticated.For each rule:
a) Enter the appropriate digital certificate attribute in the Attribute field.
b) Select the appropriate logic operator (equal to, not equal to, starts with, ends
with, contains, or [is a role]) from the Logic drop-down list.
c) Enter the appropriate value to check against the specified attribute in the Value
field.
d) Select the role to assign to the user if the rule evaluates as true and the user is
authenticated from the Role drop-down list.
See “Defining User Roles to Enforce Network Usage Policies” on page 8-2 to
define a new role available for selection in the drop-down list.
Alternatively, you can select the Create New… option to open a window that
enables you to define a new role. After you save the role information, you are
returned to the transparent certificate server page where you can select the role
from the drop-down list.
4. Optional. Use the commands included in the Row Management drop-down list to
change the order of rules, add new blank rules, clear rule data, or delete a rule, etc.
Remember, the BSC evaluates rules in the order in which they are listed here on the
transparent certificate server page.
5. Select the default user role from the Default role drop-down list. The selected default
role is the role the BSC assigns the user if none of rules is true.
Alternatively, select an LDAP/Active Directory authentication server from the Using
LDAP/Active Directory Server drop-down list to resume rules checking using the rules
configured for the selected LDAP/Active Directory authentication server.
If you select an external LDAP/Active Directory Server to authenticate the user
against, specify what data is to be parsed from the certificate for authentication.
Enter a certificate attribute in the Unique ID attribute for LDAP field, or enter a
certificate regular expression in the Unique ID regular expression for LDAP field.
Location Optional. Specify the user location from which the transparent certificate authentication
request must originate by selecting a defined user location from the drop-down menu. If a
user location is specified, the authentication request will not be attempted if the request
does not come from that location.
Notes Optional. Enter a meaningful description for the external transparent certificate
authentication server.
Saving the
settings
Click Save to store the information to the BSC database or Save and create another to
continue to define external transparent certificate authentication servers.
You may be prompted to restart the BSC. We recommend that you do not restart the BSC
until you have completely finished configuring the BSC for use in your network.
Testing an External Authentication Server
After you have finished configuring external authentication servers the BSC is to use, you
may use a simple test mechanism built into the BSC administrator console to test basic
communications between the BSC and the external authentication server.
To test communications between the BSC and an external authentication server:
1. Click the User authentication tab in the BSC administrator console.
2. Click the Authentication Servers tab, Authentication Test.
The External Authentication Test page appears as shown in Figure 6-14.
3. Enter a valid user name to access the server in the User name field.