Selecting the Mobile PKI Method
Ubisecure SSO offers two types of MPKI authentication methods: one for unregistered users and the other for registered users. These methods can also be applied for an instance with "directory user mapping".
Unregistered Mobile PKI
In unregistered mobile PKI method, the user identifies himself to SSO by giving their mobile phone number and the optional spam prevention code. It is necessary to configure the unregistered MPKI method so that it makes a personal information query to the MSSP in order to get a user-identifying attribute.
Registered Mobile PKI
NOTE: Decide which Mobile PKI method to use before proceeding with the installation
In registered mobile PKI method, the user first identifies himself to SSO with their credentials and only after that does the actual mobile PKI authentication process take place. The user does not need to enter their mobile phone number or a spam prevention code. This means that the user found in directory SPI must have a mobile phone number defined.
This section lists the technical pre-requirements for installing the method:
- Ubisecure SSO 6.5 or later
- Service agreement with an ETSI TS 102 204 compatible MSSP (e.g. Elisa Varmenne ETSI interface)
- The following configuration information acquired from the MSSP:
- Client and server certificate to create the SSL connection (and a possible password for the client certificate)
- Certificate to verify the MPKI signature
- Configuration strings for: AP_ID, AP_PWD, signature URL, status URL