- Configuring and Binding a Client Certificate Authentication Policy
- Configuring Two-Factor Client Certificate Authentication
- Configuring Smart Card Authentication
- Configuring a Common Access Card
You can configure a client certificate to authenticate users first and then require users to log on with a secondary authentication type, such as LDAP or RADIUS. In this scenario, the client certificate authenticates users first. Then, a logon page appears where they can enter their user name and password. When the Secure Sockets Layer (SSL) handshake is complete, the logon sequence can take one of the following two paths:
Group information that NetScaler Gateway extracts during the second round of authentication is appended to the group information, if any, that NetScaler Gateway extracted from the certificate.