Public key infrastructure authentication
TrueSight Server Automation authentication can be based on public key infrastructure (PKI) for users who present a type of smart card known as a common access card (CAC). Through middleware (ActiveClient or 90meter), a TrueSight Server Automation client can access the appropriate certificate and private key on the smart card to authenticate the user. The current status of a certificate can be verified by contacting an OCSP Responder.
While logging into a TrueSight Server Automation client, the user must insert a smart card into a card reader and enter a PIN. If the information the user enters is valid and the OCSP Responder verifies the validity of the user's certificate, the Authentication Service issues the client a session credential. At that point a TrueSight Server Automation client application can use the session credential to establish a secure authenticated session with the Application Service or Network Shell Proxy Service identified by the service URLs in the session credential.