Authenticate to the KMES Series 3 through SCEP
You can use several methods to authenticate to a key management server with SCEP. The capabilities depend on the SCEP client. The KMES Series 3 supports authenticating with a username and password or by using a TLS certificate with a PKI identity provider. Both of these authentication methods require you to create a user on the KMES. The difference between the two methods is that for authentication with the TLS certificate, the name of the KMES user must match the common name of the TLS certificate.

Create a role and identity for the SCEP client

The following sections cover the password and TLS certificate authentication methods.

Password authentication method

Perform the following steps to authenticate with a username and password:

Create the role

1. Go to Identity Management > Roles, and select [ Add ].
2. On the Info tab, set the following:

   | Setting | Required configuration |
   | --- | --- |
   | Type | Application |
   | Name | SCEP |
   | Login required | 1 |

3. On the Advanced tab, set Allowed Ports to SCEP only.
4. Select [ OK ] to finish creating the role.

Create the identity

1. Go to Identity Management > Identities, right-click anywhere in the window, and select Add > Client Application.
2. On the Info tab of the Identity Editor window, select Application for the storage location, and specify SCEP as the identity name.
3. On the Assigned Roles tab, select the role you created.
4. On the Authentication tab, remove the default API Key mechanism and select [ Add ].
5. In the Configure Credential dialog, select Password in the Type drop-down menu, then select [ Change ].
6. Set a password and select [ Save ]. Then, select [ OK ] to finish configuring the credential.
7. Select [ OK ] to finish creating the identity.

TLS authentication method

Perform the following steps to authenticate with a TLS certificate:

Create the identity provider

1. Log in to the KMES Series 3 application interface with the default admin identities.
2. Go to Identity Management > Identity Providers.
3. Right-click anywhere in the window and select Add > Provider > PKI.
4. On the Info tab of the Identity Provider Editor window, specify a name for the identity provider and uncheck Enforce Dual Factor.
5. On the PKI Options tab, select [ Select ].
6. In the Certificate Selector window, expand the certificate tree you previously created, select the CA certificate that signed the SCEP client and SCEP connection pair certificates, and then select [ OK ].
7. Select [ OK ] to finish creating the PKI identity provider.
8. Right-click the identity provider you just created and select Add > Mechanism > TLS.
9. On the Info tab, specify a name for the authentication mechanism.
10. On the PKI tab, leave all fields set to the default values.
11. Select [ OK ] to save.

Create the role

1. Go to the Identity Management > Roles menu, then select [ Add ].
2. In the Info tab of the Role Editor window, use the following settings:

   | Setting | Required configuration |
   | --- | --- |
   | Type | Application |
   | Name | SCEP |
   | Login required | 1 |

3. On the Advanced tab, set Allowed Ports to SCEP only.
4. Select [ OK ] to finish creating the role.

Create the identity

1. Go to the Identity Management > Identities menu, right-click anywhere in the window, and select Add > Client Application.
2. On the Info tab of the Identity Editor window, select Application for the storage location and specify SCEP as the identity name.
3. On the Assigned Roles tab, select the role you created.
4. On the Authentication tab, remove the default API Key mechanism and select [ Add ].
5. In the Configure Credential window, select TLS Certificate in the Type drop-down menu, then select the provider and mechanism you created.
6. Select [ OK ] to finish configuring the credential.
7. Select [ OK ] to finish creating the identity.
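
Because TLS authentication only works when the KMES identity name matches the certificate's common name, it helps to check the client certificate before testing enrollment. The following is an added example, not part of the original page or of any Futurex tooling: a standard-library Python check that reads the subject CN from a DER-encoded certificate and compares it with the identity name. All function names are hypothetical, the sample certificate is a constructed unsigned skeleton, and the exact, case-sensitive comparison is an assumption.

```python
CN_OID = bytes.fromhex("550403")  # OID 2.5.4.3, commonName

def tlv(data, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = tlv(value, pos)
        out.append((tag, val))
    return out

def subject_common_name(der):
    """Return the subject CN of a DER-encoded X.509 certificate, or None."""
    tbs = children(children(tlv(der, 0)[1])[0][1])
    if tbs[0][0] == 0xA0:  # skip the optional explicit [0] version field
        tbs = tbs[1:]
    subject = tbs[4][1]  # order: serial, sigAlg, issuer, validity, subject
    for _, rdn in children(subject):  # each RDN is a SET ...
        for _, atv in children(rdn):  # ... of AttributeTypeAndValue SEQUENCEs
            (_, oid), (_, val) = children(atv)[:2]
            if oid == CN_OID:
                return val.decode("utf-8")  # assumes UTF8String/PrintableString
    return None

def matches_identity(der, identity_name):
    """Exact, case-sensitive comparison (an assumption; the page says only 'match')."""
    return subject_common_name(der) == identity_name

# --- constructed sample input: an unsigned certificate skeleton, not a real cert ---
def enc(tag, value):
    """DER-encode one element."""
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def name(cn):
    atv = enc(0x30, enc(0x06, CN_OID) + enc(0x0C, cn.encode()))
    return enc(0x30, enc(0x31, atv))

def sample_cert(cn):
    tbs = enc(0x30, enc(0xA0, enc(0x02, b"\x02")) + enc(0x02, b"\x01") + enc(0x30, b"")
              + name("Constructed CA") + enc(0x30, b"") + name(cn))
    return enc(0x30, tbs + enc(0x30, b"") + enc(0x03, b"\x00"))
```

For a real PEM client certificate, convert it first with `ssl.PEM_cert_to_DER_cert()` from the standard library and pass the resulting bytes to `matches_identity()`.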