Client Cert Auth Scheme (clientCertAuth-ClientCertAuthScheme)

This component provides one method of verifying that a user is authorized to log in to a station. Provided by the clientCertAuth palette, the ClientCertAuthScheme is an authentication mechanism requiring that the user enter his or her password as well as a certificate.

With this scheme, each user object has an authenticator containing a public certificate that corresponds to the private key of the user's certificate. Additionally, each certificate must be added to the server socket's TrustAnchor list. During a login attempt, the user is prompted to upload the certificate, and the server verifies that it matches the certificate stored on the User object.

Adding this component to the station AuthenticationSchemes node adds a button to the Login window. The text label on the button is configurable via the Login Button Text property. By default, the button text label is “Sign in with SSO” but you should change this to your preferred text.

Figure 1. Example configured button visible in login window


Note: In the example shown, the user object is configured to use clientCertAuthScheme authentication, and to reset his or her authentication scheme on login (via the User Force Scheme Reset To property).

For additional information, refer to Admin/User workflow for client certificate authentication in the “User Authentication” chapter.

Figure 2. Certificate authorization property


To access this property, expand Config > Services > AuthenticationService > Authentication Schemes and double-click ClientCertAuthScheme.

| Property | Value | Description |
| --- | --- | --- |
| Login Button Text | text | Configures the text that appears on the login button. |