| || |
Client authentication in ALM 11.00
Is it possible to enable client authentication in ALM 11.00 (JBOSS) or ALM 11.5 (Jetty)? The security department is requesting this:
A client certificate is installed on every PC (Internet Explorer). This certificate is used to authenticate the clients to the server. (In SSL it is the other way: The server shows a certificate to the clients. The security department wants both ways.)
I know this should work and there is an option "ClientAuth" which can be set to "true" in the JBOSS server.xml config file. My questions are:
- Has anyone done this before?
- What will happen to QTP and Sprinter?
- Can QTP and Sprinter also use Client authentication or will the request be rejected by the server, because QTP and Sprinter do not show any certificates to the ALM server?
Thanks and best regards,
Re: Client authentication in ALM 11.00
I received a response:
It is supported in 11.5, for 11, it will be supported in upcoming patch (the latest patch is 9)