Integration Server 10.3 | Integration Server Administrator's Guide | Authenticating Clients | Client Certificates | Client Certificates and Port Configuration | HTTPS Ports
 
HTTPS Ports
The following table shows how the Integration Server handles client requests received at an HTTPS port when different client authentication settings are in effect. These settings are specified on the Client Authentication parameter when configuring or editing an HTTPS port.
Parameter
Client Certificate Supplied
Username/
Password
The server prompts the client for a user ID and password.
Digest
Integration Server uses password digest for authentication of all requests. If the client does not provide the authentication information, Integration Server returns an HTTP WWW-Authenticate header with digest scheme to the client requesting for authentication information. If the client provides the required authentication information, Integration Server verifies and validates the request.
A port that is configured to use password digest for authentication of client requests will process a request from a user only if the user is configured to allow password digest for authentication.
Request Client Certificates
The server requests client certificates for all requests.
If the client does not provide a certificate, the server prompts the client for a userid and password.
If the client provides a certificate:
*The server checks whether the certificate exactly matches a client certificate on file and is signed by a trusted authority. If so, the client is logged in as the user to which the certificate is mapped in Integration Server. If not, the client request fails, unless central user management is configured.
*If central user management is configured, the server checks whether the certificate is mapped to a user in the central user database. If so, the server logs the client on as that user. If not, the client request fails.
Require Client Certificates
The server requires client certificates for all requests.
The server behaves as described for Request Client Certificates, except that the client must always provide a certificate.