Setting Method for Client Authentication

GMOトラスト・ログインチーム
  • Updated

Application for client authentication in SKUID is required in advance.

This procedure is for those are currently in possession of a client certificate.

 

1Log in to SKUID and open [Settings>Optional Functionality>Client Authentication>Settings] on [Administrator Panel].

     

2. Click [Client Authentication Add Settings].

     

3. Add a policy for permitting access to users who log in to SKUID, using client certificate

Items for confirming whether the subject of client certificate used is matching need to be set. Items left blank will not be confirmed for a match. When applying a policy to several client certificates, only common items such as organization and prefecture name needs to be set. When including individual name and e-mail address, a policy per certificate needs to be created

 

Set each item as follows:

Name (Required)

Add a name of the policy. Set a policy that is easily distinguishable from others.

CN (Optional)

Add a general name, i.e. Common Name.

E (Optional)

Add an e-mail address, i.e. Email.

O (Optional)

Add an organization name, i.e. Organization.

OU (Optional)

Add a department name, i.e. Organization Unit. Multiple OUs in a certificate can be separated with a comma.

L (Optional)

 Add a city name, i.e. Locality.

S (Optional)

Add a prefecture name, i.e. State.

C (Optional)

Add a country name, i.e. Country name.

CA certificate (Required)

Add a root certificate and an intermediate CA certificate in base64 format. Set the root certificate at the top when a certificate path has several layers.

For example

-----BEGIN CERTIFICATE-----
Root certificate
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

Intermediate CA certificate
-----END CERTIFICATE-----

          

 

4.  Assign the created settings to members and groups. First, click the name of the setting. *Users that have been assigned to multiple settings can log in to SKUID if they have a client certificate that matches one of the policies.

 

5. Click [Add member] or [Add group].

     

6. Select target members and groups and click [Add]. When administrators assign themselves, please first confirm whether others can log in under the applied settings. Please make sure that there is always at least one administrator who can change settings of the administrator’s panel.

 

settings of the administrator’s panel.

      

This completes the settings. 

[Certificate Selection] screen will appear once company ID and an e-mail address are entered in SKUID login page. Once the certificate matching to the settings is selected, you will be asked to enter the password. The browser will need to be re-launched if the wrong password is entered.

 

After selecting a certificate, the following warning might appear depending on the browser settings. Select [Yes] here.

 

Was this article helpful?

Related articles

  1. ホーム
  2. Access Restriction Options
  3. Setting Method for Client Authentication

Setting Method for Client Authentication

GMOトラスト・ログインチーム
  • Updated

Application for client authentication in SKUID is required in advance.

This procedure is for those are currently in possession of a client certificate.

 

1Log in to SKUID and open [Settings>Optional Functionality>Client Authentication>Settings] on [Administrator Panel].

     

2. Click [Client Authentication Add Settings].

     

3. Add a policy for permitting access to users who log in to SKUID, using client certificate

Items for confirming whether the subject of client certificate used is matching need to be set. Items left blank will not be confirmed for a match. When applying a policy to several client certificates, only common items such as organization and prefecture name needs to be set. When including individual name and e-mail address, a policy per certificate needs to be created

 

Set each item as follows:

Name (Required)

Add a name of the policy. Set a policy that is easily distinguishable from others.

CN (Optional)

Add a general name, i.e. Common Name.

E (Optional)

Add an e-mail address, i.e. Email.

O (Optional)

Add an organization name, i.e. Organization.

OU (Optional)

Add a department name, i.e. Organization Unit. Multiple OUs in a certificate can be separated with a comma.

L (Optional)

 Add a city name, i.e. Locality.

S (Optional)

Add a prefecture name, i.e. State.

C (Optional)

Add a country name, i.e. Country name.

CA certificate (Required)

Add a root certificate and an intermediate CA certificate in base64 format. Set the root certificate at the top when a certificate path has several layers.

For example

-----BEGIN CERTIFICATE-----
Root certificate
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

Intermediate CA certificate
-----END CERTIFICATE-----

          

 

4.  Assign the created settings to members and groups. First, click the name of the setting. *Users that have been assigned to multiple settings can log in to SKUID if they have a client certificate that matches one of the policies.

 

5. Click [Add member] or [Add group].

     

6. Select target members and groups and click [Add]. When administrators assign themselves, please first confirm whether others can log in under the applied settings. Please make sure that there is always at least one administrator who can change settings of the administrator’s panel.

 

settings of the administrator’s panel.

      

This completes the settings. 

[Certificate Selection] screen will appear once company ID and an e-mail address are entered in SKUID login page. Once the certificate matching to the settings is selected, you will be asked to enter the password. The browser will need to be re-launched if the wrong password is entered.

 

After selecting a certificate, the following warning might appear depending on the browser settings. Select [Yes] here.

 

Related articles