...

The following example grants access to any OMS client (e.g., UAG Server) with an IP address of 10.20.30.40, provided that client did not present an X.509 certificate. It refuses all other connection requests from clients that do not present a certificate. (If no rules carrying the ,cert option are configured, connections from clients that do present X.509 certificates are permitted by default.)

oms_access    10.20.30.40,allow
oms_access    ALL,deny


Scenario 2

The following example conditionally grants access to any OMS client (e.g., UAG Server) with an IP address of 10.20.30.40 that presents an X.509 certificate. Before accepting the connection, OMS Server will look for a matching CERT_MAP entry and use its certid value to evaluate the OMS_CERT_ACCESS rules.

oms_access    10.20.30.40,allow,cert

Scenario 2a

Given the following CERT_MAP and OMS_CERT_ACCESS entries, OMS Server will accept the above connection.

  • OMS will see that the cert_map entry S2A matches the incoming client request
  • OMS will apply the OMS_CERT_ACCESS rule with the S2A id, which grants access to client connection requests originating from 10.20.30.40

cert_map          id=S2A,ipaddress=10.20.30.40
oms_cert_access   S2A,allow
oms_cert_access   *,deny

Scenario 2b

Given the following CERT_MAP and OMS_CERT_ACCESS entries, OMS Server will reject the above connection.

  • OMS will fail to find a cert_map entry that matches the incoming client certificate's information
  • OMS will apply the global OMS_CERT_ACCESS rule which rejects all connection requests from clients whose certificate information does not match a cert_map entry

cert_map          id=S2A,ipaddress=10.20.40.50
oms_cert_access   S2A,allow
oms_cert_access   *,deny

Scenario 3

The following example is functionally equivalent to Scenario 1, above.

oms_access    10.20.30.40,allow,nocert

Scenario 4

For a more detailed example, consider the following UACL entries:

1   oms_access        10.20.30.40,allow,nocert
2   oms_access        all,allow,cert
3   oms_access        all,deny,nocert
1   oms_cert_access   S4,allow
2   oms_cert_access   *,deny
1   cert_map          id=S4,ipaddress=10.20.30.40

Scenario 4a

A client with a reported IP address of 10.20.30.40 attempts to connect to OMS Server and that client does not provide an X.509 certificate.
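The evaluation order the scenarios above describe (oms_access by IP and cert/nocert flag, then cert_map lookup, then oms_cert_access by cert id with * as the catch-all) can be traced with a small evaluator. This is an added illustration, not OMS Server code; the entry syntax, first-match ordering, the treatment of ipaddress in cert_map as the client IP, and the fail-closed defaults noted in the comments are assumptions drawn from Scenarios 1 to 4.

```python
# Constructed UACL text mirroring Scenario 4 above, one "rule_type value" per line.
UACL = """
oms_access 10.20.30.40,allow,nocert
oms_access all,allow,cert
oms_access all,deny,nocert
oms_cert_access S4,allow
oms_cert_access *,deny
cert_map id=S4,ipaddress=10.20.30.40
"""

def parse_uacl(text):
    """Group entries by rule type, keeping order: rules are evaluated first-match."""
    rules = {"oms_access": [], "oms_cert_access": [], "cert_map": []}
    for line in text.strip().splitlines():
        kind, value = line.split(None, 1)
        if kind == "cert_map":
            rules[kind].append(dict(kv.split("=", 1) for kv in value.split(",")))
        else:
            rules[kind].append(value.split(","))
    return rules

def cert_id_for(rules, ip, cert):
    """Id of the first matching cert_map entry, or None. Assumption: 'ipaddress' is
    compared to the client IP, any other key to the presented certificate's fields."""
    observed = dict(cert, ipaddress=ip)
    for entry in rules["cert_map"]:
        if all(observed.get(k) == v for k, v in entry.items() if k != "id"):
            return entry["id"]
    return None

def evaluate(rules, ip, cert=None):
    """True if the client is admitted; cert is None when no X.509 cert was presented."""
    has_cert = cert is not None
    for parts in rules["oms_access"]:
        target, action = parts[0], parts[1]
        flag = parts[2] if len(parts) > 2 else "nocert"  # Scenario 3: no flag == nocert
        if (flag == "cert") != has_cert or (target.lower() != "all" and target != ip):
            continue  # rule does not apply to this client
        if flag == "nocert" or action != "allow":
            return action == "allow"  # a plain allow/deny decides outright
        # allow,cert: defer to the oms_cert_access rules keyed by the mapped cert id
        certid = cert_id_for(rules, ip, cert)
        for cid, caction in rules["oms_cert_access"]:
            if cid in ("*", certid):
                return caction == "allow"
        return False  # assumption: no oms_cert_access rule matched -> refuse
    # No oms_access rule matched: certificate clients are admitted by default (as the
    # page states for Scenario 1); clients without one are refused (assumption).
    return has_cert
```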

...