Software AG Products 10.7 | Administering Integration Server | Configuring Ports | Adding an FTPS Port | How Client Authentication Works for FTPS Ports
 
How Client Authentication Works for FTPS Ports
How Integration Server handles client requests received at an FTPS port depends on the value of the watt.net.ftpUseCertMap server configuration parameter and the client authentication set for the FTPS port.
The watt.net.ftpUseCertMap parameter specifies whether Integration Server will honor certificate maps for requests received by FTPS ports.
*When set to false (the default), Integration Server ignores the user specified on a client certificate and logs the user in with the information provided on the username/password prompt instead.
*When set to true, if the client certificate has been previously mapped to an Integration Server user, Integration Server will log the user in as the username specified in the client certificate. Integration Server ignores the username provided on the username/password prompt.
The following table describes how Integration Server handles client requests based on the client authentication setting and provided certificate when watt.net.ftpUseCertMap is set to true.
Client Authentication
Certificate Provided
No Certificate
Username/Password
Log in with username/password supplied at prompt.
Log in with username/password supplied at prompt.
Request Certificates
If certificate is trusted and matches a mapped user, log in as that user.
If certificate is not trusted or does not match a mapped user, log in with user/password supplied at prompt.
Log in with username/password supplied at prompt.
Require Certificates
If certificate is trusted and matches a mapped user, log in as that user. Ignore user/password supplied at prompt.
If certificate is not trusted or does not match mapped user, ignore user/password supplied at prompt and reject the login request.
Reject the login request.
The following table describes how Integration Server handles client requests based on the client authentication setting and provided certificate when watt.net.ftpUseCertMap is set to false.
Client Authentication
Certificate
No Certificate
Username/Password
Log in with username/password supplied at prompt.
Log in with username/password supplied at prompt.
Request Certificates
Accept certificate if it is trusted, but ignore user provided in certificate. Instead, log in with user/password supplied at prompt.
Log in with username/password supplied at prompt.
Require Certificates
Accept certificate if it is trusted, but ignore user provided in certificate. Instead, log in with user/password supplied at prompt.
Reject the login request.