...
The SSL accelerator must set the client certificate in an HTTP header. The name of the header is configured in the web.xml of Certificate AP. An example of such a configuration follows:
```xml
<context-param>
    <param-name>com.ubisecure.saml2.uap.client-certificate-header</param-name>
    <param-value>client-certificate-header-name</param-value>
</context-param>
```
To prevent user reauthentication after the smartcard is removed, it is recommended to disable SSL session caching. Connection keep-alive should also be disabled or set to a short timeout. If the SSL accelerator provides the SSL session ID in an HTTP header, Certificate AP is able to block reauthentication in the keep-alive case. An example of the web.xml configuration block follows:
```xml
<context-param>
    <param-name>com.ubisecure.saml2.uap.session-id-header</param-name>
    <param-value>session-id-header-name</param-value>
</context-param>
```
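The accelerator side of the two settings above, as an added example that is not part of the Ubisecure documentation: an nginx front end that disables session reuse and keep-alive and sets both headers. The host name, file paths and upstream address are assumed, as is the header value encoding (nginx sends the certificate as URL-encoded PEM; the page does not state which encoding Certificate AP expects).

```nginx
# Added example: nginx acting as the SSL accelerator in front of Certificate AP.
# Host name, certificate paths and upstream address are assumed values.
server {
    listen 443 ssl;
    server_name sso.example.com;                          # assumed host name

    ssl_certificate         /etc/nginx/tls/server.crt;    # assumed paths
    ssl_certificate_key     /etc/nginx/tls/server.key;
    ssl_client_certificate  /etc/nginx/tls/smartcard-ca.pem;
    ssl_verify_client       on;   # the handshake fails without a valid client certificate

    # No SSL session caching: a resumed session would skip the certificate
    # exchange, so the user could reauthenticate after the card is removed.
    ssl_session_cache   off;
    ssl_session_tickets off;

    # Keep-alive disabled; a short timeout is the alternative named above.
    keepalive_timeout 0;

    location / {
        # proxy_set_header replaces any value the client sent under the same
        # name, so only values produced by nginx reach Certificate AP.
        # The header names must match the <param-value> entries in web.xml.
        proxy_set_header client-certificate-header-name $ssl_client_escaped_cert;
        proxy_set_header session-id-header-name         $ssl_session_id;

        proxy_pass http://127.0.0.1:8080;                 # assumed Certificate AP address
    }
}
```

Before relying on the session-id header, confirm in the backend's request log that it arrives non-empty for the TLS versions enabled on the accelerator.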
...