Symantec Privileged Access Management

  • 1.  PKI authentication on the web portal

    Posted Apr 06, 2017 11:35 AM

    Hi

    Has anyone ever had to set up PKI authentication on the web portal?

    On the help page, it says that it is possible to authenticate the clients with X.509 certificates:

    "Xsuite also supports Public Key Infrastructure (PKI) authentication by using X.509 certificates. Clients present their certificates to Xsuite, and Xsuite uses its internal certificate chain and a certificate revocation list (CRL) or OCSP to validate the user."

    But it's not clear how it's made...

    I changed the Config->Security to enable PKI User Login. And, on the network capture, I see the portal sending a "certificate request" packet. But it seems to be requesting, from the client, certificates issued by "xceedium.com".

    Is there a way to setup the portal to accept client certificates issued by an internal CA?

    Is it possible to do PKI authentication when the clients use the CA PAM client?

    Thanks in advance

    Best regards



  • 2.  Re: PKI authentication on the web portal

    Broadcom Employee
    Posted Apr 06, 2017 04:27 PM

    We have done this, using our own smartcard, and we are in the process of putting together a document to describe the steps.  We hope to have this ready soon, and will update this question.



  • 3.  Re: PKI authentication on the web portal

    Broadcom Employee
    Posted Apr 07, 2017 01:16 PM