Performing Client Authentication on Enterprise Gateway Server
In a default Enterprise Gateway configuration, external clients send requests to Enterprise Gateway Server, which in turn forwards authentication information (user/password or certificates) about these clients to the Internal Server. The Internal Server performs the authentication. This is the recommended configuration because certificates are safer when stored on the Internal Server, behind two firewalls.
However, if you want Enterprise Gateway Server to perform client authentication in addition to the authentication performed on the Internal Server, you can do so.
To enable client authentication on
Enterprise Gateway Server1. In the Integration Server Administrator on the Integration Server acting as the Enterprise Gateway Server, navigate to the Settings > Extended page and set the watt.server.revInvoke.proxyMapUserCerts system property to “true”.
2. If Enterprise Gateway Server is configured to request or require certificates, then for each external client to which you want to allow access, Enterprise Gateway Server must contain a copy of the client’s public certificate mapped to a user. For more information about mapping certificates, see
Importing a Client Certificate and
Mapping It to a User. If, instead, Enterprise Gateway Server is configured to request certificates or perform authentication using user name and password, then Enterprise Gateway Server must contain a user name for that client.
Make sure that the external client’s imported certificate or user name is the same on both the Enterprise Gateway Server and the Internal Server.
3. Set the client authentication mode of the Enterprise Gateway external port to Require Client Certificates:
a. Go to Server > Ports.
b. Find the row for the Enterprise Gateway external port. Click the port number, and then click Edit HTTP Port Configuration.
c. In the Enterprise Gateway External Port area of the Edit Enterprise Gateway Server Configuration page, in the Client Authentication box, select Require Client Certificates.
Note:
Client authentication is supported only by the HTTPS protocol. If you do not see the Client Authentication box, change the external port protocol to HTTPS.
d. Click Save Changes.