Deploying client certificates for IAG certified endpoints and client authentication

Applies To: Intelligent Application Gateway (IAG)

Whale Communications Intelligent Application Gateway (IAG) 2007 uses client certificates as follows:

• Authentication—Client endpoints use a client certificate for authentication purposes. User identities are mapped to user objects in an LDAP directory such as an Active Directory server.

• Authorization—Client endpoints act as certified client endpoints and present a client certificate to the IAG server. Based on this certificate, IAG allows or denies access to specific applications published in a portal. In this scenario, the certificate is not used for authentication, and no user identification is required in the client certificate. Authorization can be configured based on user and group membership to an authentication server such as Active Directory Domain Services.

You cannot combine client certificate-based authorization and client certificate authentication on the same portal.

Certificates can be deployed to clients as follows:

• From a certification authority (CA) that is running locally on the IAG server. For more information, see Setting up a CA on the IAG server.

• From a remote CA. For more information, see Setting up a remote CA for IAG.