Cisco Systems CSACS3415K9 Computer Accessories User Manual


 
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter 8 Managing Users and Identity Stores
Step 4 Click Submit.
The Certificate Authentication Profile page reappears.
Related Topics
Viewing Identity Policies, page 10-22
Configuring Identity Store Sequences, page 8-77
Creating External LDAP Identity Stores, page 8-26
Configuring Identity Store Sequences
An access service identity policy determines the identity sources that ACS uses for authentication and
attribute retrieval. An identity source consists of a single identity store or multiple identity methods.
When you use multiple identity methods, you must first define them in an identity store sequence, and
then specify the identity store sequence in the identity policy.
An identity store sequence defines the sequence that is used for authentication and attribute retrieval
and, optionally, an additional sequence that is used to retrieve additional attributes.
Authentication Sequence
An identity store sequence can contain a definition for certificate-based authentication or
password-based authentication or both.
If you choose to perform authentication based on a certificate, you specify a single Certificate
Authentication Profile, which you have already defined in ACS.
If you choose to perform authentication based on a password, you can define a list of databases to be
accessed in sequence.
When authentication succeeds, any defined attributes within the database are retrieved. You must have
defined the databases in ACS.
Table 8-24 Certificate Authentication Profile Properties Page (continued)

Option: Principal Username X509 Attribute
Description: Available set of principal username attributes for x509 authentication. The selection includes:
  Common Name
  Subject Alternative Name
  Subject Serial Number
  Subject
  Subject Alternative Name - Other Name
  Subject Alternative Name - EMail
  Subject Alternative Name - DNS

Option: Perform Binary Certificate Comparison with Certificate retrieved from LDAP or Active Directory
Description: Check this check box if you want to validate certificate information for authentication against a
selected LDAP or AD identity store.
If you select this option, you must enter the name of the LDAP or AD identity store, or click
Select to select the LDAP or AD identity store from the available list.
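The following sketch is an added illustration, not ACS or Cisco code. It shows what the binary certificate comparison option in Table 8-24 amounts to: the certificate the client presents must be byte-for-byte identical to one stored on the user's LDAP or AD entry, so a different certificate that carries the same Common Name does not match. The function names, the userCertificate attribute named in the comments, and the sample byte strings (constructed stand-ins, not real certificates) are assumptions.

```python
import base64
import binascii
import re

_PEM = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def to_der(blob):
    """Return DER bytes for a PEM or DER certificate blob, or None if unusable."""
    if not blob:
        return None
    m = _PEM.search(blob)
    if m is None:
        return bytes(blob)            # no PEM envelope: assume the value is already DER
    try:
        return base64.b64decode(b"".join(m.group(1).split()), validate=True)
    except binascii.Error:
        return None                   # corrupt PEM body: treat as "no certificate"

def binary_cert_match(presented, directory_values):
    """True only if the presented certificate is byte-identical to one of the
    certificates stored on the user's directory entry. Fails closed: an empty
    or unreadable directory value never matches."""
    presented_der = to_der(presented)
    if presented_der is None:
        return False
    stored = {to_der(v) for v in directory_values}
    stored.discard(None)
    return presented_der in stored

def pem(der):
    """Helper for the sample data: wrap DER bytes in a PEM envelope."""
    body = base64.encodebytes(der)
    return b"-----BEGIN CERTIFICATE-----\n" + body + b"-----END CERTIFICATE-----\n"

# Constructed stand-ins for DER certificates (not real certificates).
ENROLLED = bytes.fromhex("3082010a0201") + b"CN=jsmith;serial=01"
REISSUED = bytes.fromhex("3082010a0201") + b"CN=jsmith;serial=02"  # same name, different cert
# Assumed directory lookup result, e.g. the values of a userCertificate attribute.
DIRECTORY_ENTRY = [pem(ENROLLED)]

if __name__ == "__main__":
    print("enrolled certificate:", binary_cert_match(ENROLLED, DIRECTORY_ENTRY))
    print("same CN, other cert: ", binary_cert_match(REISSUED, DIRECTORY_ENTRY))
    print("no cert in directory:", binary_cert_match(ENROLLED, []))
```

The comparison is a check on top of normal certificate chain validation, which this sketch does not perform.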