Jetty will verify the Client Authentication Certificate and check if this was signed by a CA using the Root CA Certificate that is available with the Jetty truststore.
During login the user does not have to specify the account to be used. Instead, the Common Name (CN) entry of the Client Authentication Certificate's subject specifies the account used for login with JOC Cockpit. Consider that an exact match of the CN is required:
- Assume a user account: apmacwin
- The certificate subject could look like this:

Logging

Log Files
- See JS7 - Log Files and Locations
Standard Log Files
- Identity Services log output to the JETTY_BASE/logs/joc.log file. This includes reporting success or failure of authentication.
- Successful and failed authentication attempts including the user accounts involved are logged to the JETTY_BASE/logs/audit.log file.
Debug Log Files
- For problem analysis during the setup of an Identity Service, increase the log level as explained in the JS7 - Log Levels and Debug Options article.
- The JETTY_BASE/logs/joc-debug.log file includes general debug output of JOC Cockpit.
- The JETTY_BASE/logs/authentication-debug.log file includes debug output related to authentication and authorization.
- The JETTY_BASE/logs/jetty.log file includes debug output of attempts to establish SSL connections.

Space shortcuts