Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Adding and Activating X.509 Certificate Parameters for X.509 Certificate Parameter Authentication

Starting with Junos Space Network Management Platform Release 15.2R1, you can add X.509 certificate parameters to authenticate users by using X.509 certificate parameters. You must enable X.509 certificate parameter authentication mode on the Modify Application Settings page to use this authentication mode. You can add up to four parameters to authenticate users in this authentication mode. You can specify X.509 certificate parameters such as CN (common name), OU (organizational unit), O (organization), L (location), ST (state of residence), C (country of residence), EMAILADDRESS (e-mail address), rfc822Name (e-mail address of the user extracted from the subject alternative name), and msUPN (Microsoft User Principal Name). The display names you specified when creating these parameters are displayed on the Create User page when you specify the values for the parameters. For more information, see Creating Users in Junos Space Network Management Platform.

CAUTION:

If you are adding a new parameter with the parameter-based authentication enabled, all users are locked if you activate the parameter without specifying the values of the parameter for all users. This restriction does not apply when you add parameters with the password-based or complete certificate-based authentication mode enabled.

The following topics describe how to add and activate X.509 certificate parameters.

Adding X.509 Certificate Parameters for X.509 Certificate Parameter Authentication

You add X.509 certificate parameters to authenticate users by using X.509 certificate parameters.

To add an X.509 certificate parameter:

  1. On the Junos Space Network Management Platform user interface, select Administration > Applications.

    The Applications page that appears displays Junos Space Platform and the Junos Space applications installed.

  2. Right-click Network Management Platform and select Modify Application Settings.

    The Modify Application Settings (Modify Network Management Platform Settings) page is displayed and the Device section is selected by default.

  3. Click the X509CertificateParameters link (on the left of the page) to add the X.509 certificate parameters that are validated during authentication.

    The X509CertificateParameters page that appears displays the X.509 certificate parameters.

    Column

    Description

    Comments

    Details about the parameter

    Admin Status

    Administrative status of the parameter: Activate or Deactivate

    Certificate Parameter

    Parameter that must be validated during login

    Parameter Display Name

    Description of the parameter
  4. Click the + icon.

    The X509CertificateParameters [New] page is displayed.

  5. In the Certificate Parameter field, enter the parameter that must be validated.
  6. In the Parameter Display Name field, enter a description about the X.509 certificate parameter.
  7. Click Add.
  8. Repeat steps 3 through 7 to add more parameters that are validated during user login.
  9. (Optional) To enter additional comments for a parameter, click the view/configure link in the Comments column.
  10. (Optional) To deactivate the parameter before enabling authentication using the parameter, click the Deactivate link in the Admin Status column.

    This step is applicable only if you enabled authentication using parameters and are adding a new parameter.

    1. To deactivate the parameter, click Yes in the Confirmation dialog box.

      The Admin Status column changes to Activate.

    2. Click No to cancel deactivating the parameter.
  11. Click Modify to save the X.509 certificate parameters.

    You are redirected to the Applications page.

Activating an X.509 Certificate Parameter

If you are authenticating users by using the parameter-based authentication mode and adding a new parameter, you must deactivate the parameter and enter the value of the parameter for all Junos Space Platform users from the Modify User page before activating the parameter for authentication. For more information, refer to Modifying a User.

To activate an X.509 certificate parameter:

  1. On the Junos Space Network Management Platform user interface, select Administration > Applications > Network Management Platform > Modify Application Settings.

    The Modify Application Settings (Modify Network Management Platform Settings) page is displayed and the Device section is selected by default.

  2. Click the X509CertificateParameters link.

    The X509CertificateParameters page that appears displays the X.509 certificate parameters.

  3. Select the row corresponding to the certificate parameter you want to activate and click the Activate link in the Admin Status column.

    A Confirmation dialog box is displayed.

  4. You can activate the parameter or cancel the activation process.
    1. To activate the parameter, click Yes in the Confirmation dialog box.

      The Admin Status column changes to Deactivate and this parameter is validated during user login.

    2. Click No to cancel activating the parameter.
  5. Click Modify to update the modifications.

    You are redirected to the Modify Application Settings page.

Related Documentation

Release History Table
Release
Description
15.2R1
Starting with Junos Space Network Management Platform Release 15.2R1, you can add X.509 certificate parameters to authenticate users by using X.509 certificate parameters.