问题

使客户端身份验证与证书

4个月前
2021年12月3日
0回复
44次观点

罗曼盖
侦察
0回复

嗨，大家好，

我正在尝试通过棱镜元素（CE版）上的证书来启用客户端身份验证，以便建立2种方式身份验证（客户端 - >服务器和服务器 - >客户端）。我遵循与此配置相关的文档。https://portal.nutanix.com/page/documents/details?targetid=nutanix-security-guide-v6_0:mul-security-authentication-client-pc-t.html.

让我总结我当前的配置：

Prism Element WebUI拥有本地CA交付的证书。

在菜单下身份验证>客户端，我已启用“客户端链证书”和“启用客户端身份验证”。链包含（根CA +客户端证书）。
客户端证书是支持身份验证的“客户端证书”，常用名称设置和SubJALTNAME（CN = UPN = Client@domain.local）

当我尝试查询API时，我收到此错误消息：

{“消息”：“在SecurityContext中找不到身份验证对象”}

似乎棱镜没有将客户证书视为身份验证方法。我还通过邮递员测试了查询API，通过证书。

您能否请帮助我解决这种情况，如果您愿意，我可以提供更多细节。

PS：我还配置了棱镜与Active Directory交谈，并且连接正常工作。

谢谢，
问候

Hi Guys,<\/p>

I\u2019m trying to enable client authentication through certificate on Prism Element (CE Edition), in order to establish a 2 ways authentication (Client -> Server and Server -> Client). I followed the documentation related to this configuration. https:\/\/portal.nutanix.com\/page\/documents\/details?targetId=Nutanix-Security-Guide-v6_0:mul-security-authentication-client-pc-t.html<\/a><\/p>

Let me sum up my current configuration:<\/p>

Prism element WebUI has a certificate delivered by a local CA.<\/li>\t
\t
$\"//www.jhbzcj.com/next/prism-for-infra-and-it-ops-26/\"$ <\/figure>
\u00a0<\/p>\t<\/li><\/ul>
\u00a0<\/p>
Under the menu Authentication > Client<\/strong> , I\u2019ve enabled \u201cClient Chain Certificate\u201d and \u201cEnable Client Authentication\u201d. The chain contains ( root CA + client certificate ).
\tThe client certificate, is a \u201cClient Certificate\u201d that support authentication, the common name is set and subjAltName also ( CN = UPN = client@domain.local )<\/li><\/ul>
\u00a0<\/p>
When I try to query the api, I get this error message:<\/p>
{\"message\":\"An Authentication object was not found in the SecurityContext\"}<\/pre>
It seems that Prism doesn\u2019t see the client certificate as an authentication method. I also tested querying API through Postman with certificate.<\/p>
Could you please help me to troubleshoot this situation, I can provide more details if you want to.<\/p>
PS : I\u2019ve also configured Prism to talk with Active Directory, and the connectivity is working.<\/p>
\u00a0<\/p>
Thank you,
Regards<\/p>","quoteUsername":"RomainBee","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

像

引用

分享

0回复

做第一个回复的人！

回复

由Insidedive提供动力

条款和条件

注册

已经有一个帐户？登录

使用您的帐户登录

登录社区

使用您的帐户登录

输入您的用户名或电子邮件地址。我们将向您发送一个带有说明重置密码的电子邮件。

用户名或电子邮件

回到概述

用于病毒的扫描文件。

对不起，我们仍在检查此文件的内容，以确保它安全下载。请在几分钟后再试一次。
好的

无法下载此文件

对不起，我们的病毒扫描仪检测到此文件无法安全下载。
好的

Learn more about our cookies.<\/a>","cookiepolicy.button":"Accept cookies","cookiepolicy.button.deny":"Deny all","cookiepolicy.link":"Cookie settings","cookiepolicy.modal.title":"Cookie settings","cookiepolicy.modal.content":"We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.<\/a>","cookiepolicy.modal.level1":"Basic
Functional","cookiepolicy.modal.level2":"Normal
Functional + analytics","cookiepolicy.modal.level3":"Complete
Functional + analytics + social media + embedded videos"}}}">