Configuring Two-Way TLS Authentication
In the two-way TLS authentication mode, the plug-in authenticates the connected LDAP server and the connected LDAP server also authenticates the plug-in. To use two-way TLS authentication, you have to configure a trust store and an identity store.
Procedure
- Create an LDAP connection in TIBCO Business Studio, as described in Creating an LDAP Connection.
- Select the Use TLS check box.
- From the Authentication Mode list, select External to enable the two-way TLS authentication.
- In the Identity Provider field, click to select an Identity Provider resource to log in to the connected LDAP server. See Creating an Identity Provider Resource to create an Identity Provider resource.
- In the SSL Client Configuration field, click to select an SSL Client Configuration resource. If no SSL Client Configuration instance is available, click Create Shared Resource to create one:
- In the Create SslClientResource Resource Template dialog, specify the resource folder, package, and resource name. Click Finish to create an SSL Client Provider resource.
- In the Keystore Provider as Trust Store field, click to select a Keystore Provider resource.
The selected Keystore Provider resource provides access to a trust store. The plug-in accesses the keystore to verify the identity of the connected LDAP server. If no Keystore Provider resource is available, click Create Shared Resource to create one. See Creating a Keystore Provider Resource for more details.
- Select the Enable Mutual Authentication check box and configure an identity store:
- Identity Store Provider: a Keystore Provider resource that provides access to the keystore of the client. The LDAP server accesses the keystore to verify the identity of the client.
If no identity Keystore Provider resource is available, click Create Shared Resource to create one. See Creating a Keystore Provider Resource for more details.
- Key Alias Name: the alias of the keystore.
- Key Alias Password: the password of the keystore.