Users Guide

Parameter: Description
Name: Specify the label of the authentication method.
Description: Provide additional information that helps to identify the authentication method.
Type: Specify the type of authentication. In this context, select EAP_TLS.
Session Resumption: Caches EAP-TLS sessions on Policy Manager for reuse if the user/client reconnects to Policy Manager within the session timeout interval.
Session Timeout: Specifies the duration in hours for the cached EAP-TLS sessions to be retained.
Authorization Required: Check Enable to specify whether to perform an authorization check.
Certificate Comparison: Specify the type of certificate comparison (identity matching) upon presenting Policy Manager with a client certificate:
• To skip the certificate comparison, choose Do not compare.
• To compare specific attributes, choose Compare Common Name (CN), Compare Subject Alternate Name (SAN), or Compare CN or SAN.
• To perform a binary comparison of the stored (in the client record in Active Directory or another LDAP-compliant directory) and presented certificates, choose Compare Binary.
Verify Certificate using OCSP: Select Optional or Required if the certificate must be verified by the Online Certificate Status Protocol (OCSP). Select None to not verify the certificate.
Override OCSP URL from the Client: Select this option to use a different URL for OCSP. After this option is enabled, you can enter a new URL in the OCSP URL field.
OCSP URL: If the Override OCSP URL from the Client field is enabled, then enter the replacement URL here.
Table 74: EAP_TLS - General tab Parameters
EAP-TTLS
The EAP-TTLS method contains two tabs: General and Inner Methods.
General Tab
The General tab labels the method and defines session details. The following figure shows an example of the EAP-TTLS - General tab, followed by the parameter definitions:
Dell Networking W-ClearPass Policy Manager 6.4 | User Guide Authentication and Authorization | 149