Managing PKI Authentication

Authentication is performed using Public Key Infrastructure (PKI) credentials stored in the user's browser or on a device (such as a smart card or token). PKI is the comprehensive system required to provide public-key encryption and digital signature services.

By default, ActivID AS supports the following PKI-based authentication methods:

  • PKI challenge/response for direct user authentication - the authenticating party (the end user's client, using the private key) signs a challenge. ActivID AS then validates the response using the end user's reference credential (the public key certificate).
  • PKI certificate check for indirect user authentication - a trusted system presents a public key certificate bound in ActivID AS to an end user. ActivID AS checks that the certificate is associated with the user and that the device and credential status are Active.
    This authentication method assumes that the trusted system, for example a web server hosting the business application, has established a two-way (mutually authenticated) SSL/TLS session with the user, thereby confirming that the user's certificate is valid and that the user is in possession of the associated private key.

Prerequisites: The root certificate of the certificate authority (CA) must be imported into the truststore of ActivID AS.
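The checks behind both methods, worked through in Go as an added example (this is not ActivID AS code): the verifier confirms the device/credential status is Active, that the presented certificate is the one bound to the user, that it chains to the CA root held in the truststore, and, for challenge/response, that the signature over a fresh challenge is valid. The Server type, the SHA-256 fingerprint binding table and the IssueCert test-CA helper are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)
// IssueCert mints a P-256 certificate signed by parent (self-signed root CA when parent is nil); it stands in for the CA whose root is imported into the truststore (constructed test PKI, not a real CA).
func IssueCert(cn string, ca bool, parent *x509.Certificate, pkey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: ca, BasicConstraintsValid: true, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	if parent == nil {
		parent, pkey = tmpl, key // self-signed root
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, pkey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}
// Server models the verifier (assumed layout): truststore, user-to-credential binding (SHA-256 fingerprint of the reference certificate) and the Active status of the user's device/credential.
type Server struct {
	Roots   *x509.CertPool
	Binding map[string][32]byte
	Active  map[string]bool
}
// SignChallenge is the client side: the private key held on the token signs the SHA-256 digest of the challenge.
func SignChallenge(key *ecdsa.PrivateKey, challenge []byte) []byte {
	h := sha256.Sum256(challenge)
	sig, _ := ecdsa.SignASN1(rand.Reader, key, h[:])
	return sig
}
// VerifyResponse is the server side: Active status and binding to the user, chain to a trusted root with client-auth usage, then the signature over the (single-use) challenge.
func (s *Server) VerifyResponse(user string, cert *x509.Certificate, challenge, sig []byte) error {
	if !s.Active[user] || s.Binding[user] != sha256.Sum256(cert.Raw) {
		return errors.New("credential is not Active or is not the user's reference credential")
	}
	if _, err := cert.Verify(x509.VerifyOptions{Roots: s.Roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}); err != nil {
		return err
	}
	return cert.CheckSignature(x509.ECDSAWithSHA256, challenge, sig) // hashes with SHA-256 internally
}
```

For the certificate-check method the same VerifyResponse applies minus the final signature step, since the mutually authenticated TLS session has already proven possession of the private key.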
