Configuring certificate-based authentication

As a BMC Helix Single Sign-On administrator, you can configure certificate-based authentication which is considered the most secure authentication among all authentication types supported by BMC Helix Single Sign-On.

Important

To use the certificate-based authentication, an end user browser must have a valid Public Key Certificate. The process of obtaining the Public Key Certificate is out of scope this documentation.

Related topics

Setting-up-end-user-authentication

Troubleshooting-authentication-issues

To configure certificate-based authentication, complete the following tasks:

Task	Description	Reference
1	As a system administrator, configure Tomcat that hosts the BMC Helix SSO server.	Configuring-the-Tomcat-server-for-certificate-based-authentication
2	As a BMC Helix SSO administrator, configure a realm for certificate-based authentication.	Configuring-a-realm-for-certificate-based-authentication
3	As a BMC Helix SSO administrator, validate the CA certificate if required.	Validating-a-certificate

To configure certificate-based authentication, complete the following tasks:

Task	Description	Reference
1	As a BMC Helix SSO administrator, configure a realm for certificate-based authentication.	Configuring-a-realm-for-certificate-based-authentication
2	As a BMC Helix SSO administrator, validate the CA certificate if required.	Validating-a-certificate

Configuring certificate-based authentication

On this page