> Can this X.509 resolves the issue like the CAS-SPNEGO experienced which is > popup shows up when using IE for basic authentication? Do our authentication > becomes seamless? How does this X.509 Certificate works?
X.509 is considered a non-interactive authentication method, so if properly configured it would meet your needs. Another name for this authentication method is SSL client authentication; that's actually the more common name. I can't emphasize enough the importance of considering client integration issues in X.509 deployments. Since client browser configuration is required in order make the client certificate available during the SSL handshake, you must consider the cost in time and money for client configuration and management. In our case we use certificates on a hardware USB token, which requires additional setup. I would strongly recommend against hardware security devices in X.509 deployments unless you have an existing client software management solution in place; installing a "soft" certificate/key pair from a PKCS12 file is preferable. Search the Web for SSL client authentication for more information. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
