Client SSL Integration Guide


Client SSL Integration Guide Version 8.2 May 2, 2014 For the most recent version of this document, visit our documentation website.

Table of Contents

1 Client SSL integration overview
2 System requirements
3 Certificate authorities
  3.1 Certificate authority general guidelines
4 Configuring the Relativity website for client SSL
5 Configuring Relativity user information with client SSL
6 Log in to Relativity with a certificate
7 Client SSL integration troubleshooting
  7.1 Invalid credentials
  7.2 Certificate not found on client
8 Server certificates

1 Client SSL integration overview

Relativity allows you to integrate with Client SSL (Secure Sockets Layer). Certificates are digital identification documents that allow both servers and clients to authenticate each other. If you want the server and client browser to set up an SSL connection over which encrypted information can be sent, certificates are required. These credentials grant users secure access to the system.

Note: The Relativity login page serves as a repository for login credentials, i.e., no Client SSL-related dialogs will appear during the login process.

2 System requirements

Certificate-based SSL features in IIS consist of a server certificate, a client certificate, and various digital keys. You can obtain certificates through Microsoft Certificate Services or from a mutually trusted certification authority (CA). Client SSL integration with Relativity requires the following:

- Working installation of Relativity
- Valid server certificate configured on web server hosting Relativity
- IIS configured to require certificates for the Relativity web site over an HTTPS binding
- Digital certificate issued to any client computer accessing Relativity

3 Certificate authorities

You can obtain certificates through Microsoft Certificate Services or from a mutually trusted certification authority (CA). The primary responsibility of a CA is to confirm the identity of a party seeking a certificate. Identity confirmation ensures the validity of the identification information contained in a certificate.

Note: If you do not issue your server certificate(s) through Microsoft Certificate Services, a third-party certification authority must approve your request and issue your server certificate.

3.1 Certificate authority general guidelines

Before issuing a certificate, a CA requires you to provide identification information such as:

- Name
- Address
- Organization

A CA may correctly verify the identity of a certificate owner. However, the CA cannot provide conclusive proof of the identity, trustworthiness, or intentions of the user or servers.

4 Configuring the Relativity website for client SSL

The web server hosting Relativity requires a valid HTTPS binding, which in turn requires a valid server certificate. With a server certificate in place, the Relativity virtual directory must accept client certificates. Configure Client SSL in IIS with the following steps:

1. Open IIS Manager.
2. Navigate to the Relativity virtual directory and select Relativity.
3. Double-click SSL Settings.
4. Select Require SSL.
5. Select Accept or Require under Client certificates.
   - Accept - the web server accepts client certificates and verifies client identity in order to allow or deny client access to content.
   - Require - the web server requires that certificates verify client identity in order to allow client access to content.
6. Click Apply in the Actions pane.

5 Configuring Relativity user information with client SSL

Within Relativity, Client SSL authentication is configured on a user level. To associate a Relativity user with a digital certificate:

1. Log in to Relativity using admin credentials.
   Note: End user computers must have a valid client digital certificate from a trusted certificate authority or they will not be able to reach the Relativity login page (403 Forbidden message appears instead).
2. Select the Users tab.
3. Click the Edit hyperlink next to an existing user.
4. In the Email Address field, the email address specified must match the email address in the Subject Email of the issued certificate.
5. In the User Information field, set the Authentication Data field to clientsslcertification: followed by the computer name of the issuer of the client certificate. This information provides Relativity with the associative link it needs to connect to the digital certificate (e.g., clientsslcertification:issuercn). For example, if the issuer of the trusted certificate was kcura-chiprodcs01-ca, the Authentication Data field would read clientsslcertification: kcura-chiprodcs01-ca. The issuer name may contain spaces.

6 Log in to Relativity with a certificate

Once Relativity user information has been configured with Client SSL, users are able to log in with the following credentials:

- A valid Relativity account user name (email address)
- A valid Relativity account password
- A valid client certificate

A typical client certificate contains identification information about a user and the organization that issued the certificate, as well as a public key. Relativity uses client certificate authentication, along with SSL encryption, to verify the identity of users at the login page. Relativity first checks that a valid certificate has been sent from the client and then authenticates the username and password.

Relativity checks the following criteria to verify the validity of a certificate in the order listed:

- Certificate contains a Subject field with the value of E=email address, where email address matches the email address for the user in Relativity
- Certificate contains an Issuer field with the value of CN=issuer computer name, where issuer computer name matches the authentication data for the user in Relativity
- User is logging in on a date within the Valid from and Valid to fields in the certificate

The web browser automatically sends the certificate to Relativity if the following criteria have been met:

- Certificate is installed in the certificate store on the user's computer
- Certificate has an intended purpose of Client Authentication
- Relativity web site has been set up to accept or require certificates in IIS SSL Settings

7 Client SSL integration troubleshooting

7.1 Invalid credentials

If a user receives an Invalid Credentials message upon login, query the Details column in the AuditRecord table of the EDDS database for any of the following Client SSL error messages:

- Certificate was not found on client (this message indicates the certificate was not installed on the client computer or the certificate is not for Client Authentication)
- Certificate email address does not match email address used to log in
- Certificate issuer name and user's AuthenticationData field do not match
- Certificate is either expired or not yet valid

SQL query for the AuditRecord table:

    SELECT [Details], [Action]
    FROM [AuditRecord] ar
    INNER JOIN [User] u ON ar.userid = u.artifactid
    WHERE u.emailaddress = 'user@domain.com'
      AND ar.[details] LIKE '%Certificate%'

Note: Replace 'user@domain.com' with the user's email address as it exists in Relativity.
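The certificate criteria from section 6 can also be checked on the user's computer before looking at the audit table. The PowerShell below is an added example, not part of the Relativity guide: it reads the current user's personal certificate store and reports, in the wording of the error messages above, which criterion each certificate would fail. The two sample values and the helper name Get-NameAttribute are assumptions, and the comparison is case-insensitive, which the guide does not specify.

```powershell
# Added example, not part of the Relativity guide. The two values below are samples.
$Email    = 'user@domain.com'        # user's email address as it exists in Relativity
$IssuerCN = 'kcura-chiprodcs01-ca'   # text after "clientsslcertification:" in Authentication Data
$ClientAuthOid = '1.3.6.1.5.5.7.3.2' # EKU object identifier for Client Authentication

# Hypothetical helper: return one attribute (E, CN, ...) of an X.500 name, or $null.
function Get-NameAttribute {
    param(
        [System.Security.Cryptography.X509Certificates.X500DistinguishedName]$Name,
        [string]$Key
    )
    # Format($true) prints one attribute per line, e.g. "E=user@domain.com".
    foreach ($line in ($Name.Format($true) -split "`r?`n")) {
        if ($line -match ('^\s*' + [regex]::Escape($Key) + '=(.*)$')) {
            return $Matches[1].Trim().Trim('"')
        }
    }
    return $null
}

$now = Get-Date
$report = foreach ($cert in Get-ChildItem Cert:\CurrentUser\My) {
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    # A certificate without an EKU extension is not restricted to specific purposes.
    $clientAuth = (-not $eku) -or ($eku.EnhancedKeyUsages.Value -contains $ClientAuthOid)

    # String comparisons with -ne are case-insensitive in PowerShell.
    $problems = @()
    if (-not $clientAuth) {
        $problems += 'Certificate was not found on client (not for Client Authentication)'
    }
    if ((Get-NameAttribute $cert.SubjectName 'E') -ne $Email) {
        $problems += 'Certificate email address does not match email address used to log in'
    }
    if ((Get-NameAttribute $cert.IssuerName 'CN') -ne $IssuerCN) {
        $problems += "Certificate issuer name and user's AuthenticationData field do not match"
    }
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        $problems += 'Certificate is either expired or not yet valid'
    }
    $status = if ($problems) { $problems -join '; ' } else { 'OK' }
    [pscustomobject]@{ Thumbprint = $cert.Thumbprint; Subject = $cert.Subject; Status = $status }
}

if ($report) { $report | Format-List } else { 'Certificate was not found on client (no certificates in CurrentUser\My)' }
```

Run it as the affected user on the client computer; a certificate whose Status is OK meets the listed criteria, so a remaining login failure points at the IIS SSL Settings or the browser option described in section 7.2.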

7.2 Certificate not found on client

To ensure the client sends the client certificate to the Relativity web server, disable the Don't Prompt for Client Certificate option in Internet Explorer. To disable this option:

1. Open Internet Explorer on the user's computer.
2. Open the Relativity login page in Internet Explorer.
3. Verify the security zone used by Internet Explorer in the browser Status Bar.
4. Open Internet Options from the Tools menu.
5. Select the Security tab.
6. Select the security zone used by Internet Explorer for Relativity.
7. Click the Custom Level button.
8. Under the Miscellaneous section in Security Settings, select Disable for the Don't prompt for client certificate selection when only one certificate exists.

After disabling this option, try to log in to Relativity again. If you are not prompted for your client certificate, then Internet Explorer is unable to find a valid certificate marked for client authentication. The certificate is sent as part of the SSL handshake, a process that occurs outside of Relativity.

8 Server certificates

Server certificates provide a way for users to confirm the identity of the Relativity web site before they transmit login information. A server certificate contains detailed identification information, such as the name of the organization affiliated with the server content, the name of the organization that issued the certificate, and a public key used to establish an encrypted connection. This information assures users of the authenticity of web server content and the integrity of the SSL-secured connection.

Proprietary Rights

This documentation ("Documentation") and the software to which it relates ("Software") belongs to kcura LLC and/or kcura's third party software vendors. kcura grants written license agreements which contain restrictions. All parties accessing the Documentation or Software must: respect proprietary rights of kcura and third parties; comply with your organization's license agreement, including but not limited to license restrictions on use, copying, modifications, reverse engineering, and derivative products; and refrain from any misuse or misappropriation of this Documentation or Software in whole or in part. The Software and Documentation is protected by the Copyright Act of 1976, as amended, and the Software code is protected by the Illinois Trade Secrets Act. Violations can involve substantial civil liabilities, exemplary damages, and criminal penalties, including fines and possible imprisonment.

2017. kcura LLC. All rights reserved. Relativity and kcura are registered trademarks of kcura LLC.