Certificate-based authentication overview

Last Updated : Mar 14, 2023 |

To authenticate the Avaya Co-Browsing Snap-in certificate, do the following procedures on the System Manager web interface.

  • Configure client certificate challenge through the Avaya Breeze® > Configuration > HTTP Security page.

  • Create a client keystore.

  • Download the Avaya Breeze® platform trusted certificate from System Manager.

  • Authenticate browsers.

Ensure that the client applications that access Avaya Co-Browsing Snap-in operations provide the location and credentials of their client certificate and trusted certificate to establish a secure session with the Avaya Co-Browsing Snap-in cluster.

For more information, see the Avaya Breeze® platform and System Manager product documentation.

Cross-Origin Resource Sharing

Cross-Origin Resource Sharing (CORS) enables access to Avaya Co-Browsing Snap-in requests that originate from specific domains. Cross-origin resource sharing enables JavaScripts from an application server that can send HTTPS requests to an Avaya Breeze® platform instance. The configuration is available on the Avaya Breeze® > Configuration > HTTP Security > HTTP CORS page.

If the originator is xyz.com, add xyz.com as an origin in the CORS list. If the origin is <IP address:port>, add <IP Address:port> as an origin in the CORS list.

If the originator is IP Address, add IP Address as an origin in the CORS list.

For more information, see the Avaya Breeze® platform product documentation.

Note:

If you use a custom web client application and enable the client certificate challenge, the web clients cannot authenticate the client certificate through JavaScript, that is, Ajax calls. The browser and JavaScript layers are not connected. Therefore, the application does not send the required client certificate.

Whitelist

Avaya Breeze® platform accepts HTTPS requests from the IP Addresses listed in the table. If you do not select the Whitelist enable check box the Avaya Breeze® platform accepts any HTTPS request that passes the optional client certificate challenge.