Belarc > PKI Authentication Module
The PKI Authentication Module allows authentication of BelManage users with PKI (Public Key Infrastructure) certificates presented by their web browsers, or CAC authentication. PKI certificate authentication is handled by both BelManage and the IIS web server working together. The web server accepts, authenticates, and associates the certificate with a web session. BelManage associates the certificate attributes with an account and assigns the security rights of that account to the web session.
Deployment and Use
Once installed, the system can be configured to authenticate in any of these three ways:
- Ignore PKI certificates, and continue to authenticate users by logon name and password as the base product does; or
- Collect and store PKI certificates, while continuing to authenticate users by logon name and password; or
- Authenticate users with the PKI certificate presented by their browser. This configuration prohibits logon by user name and password.
After running the installer, BelManage is configured to collect and store certificates (#2 above). Users can logon to BelManage with user name and password, and any certificate presented by their browser is associated with that account. The Users Administration page can then be used to view or edit the certificate associated with each user account.
Once the system has had adequate time to collect most or all of the users' certificates, the configuration is changed to authenticate users with the certificate (#3 above). Users are no longer permitted to authenticate with a user name and password, and the system automatically logs users on when a certificate is presented. Entry of certificates is now done through the Users Administration web page, and automatic collection of certificates is disabled.
The certificate for a user may be obtained through an enterprise directory or a certificate file with the public key.
Term
PKI Authentication Module includes a perpetual license.
Product Requirements
BelManage system.
