It is distributed to each user and authenticated by the PKI client certificate installed in the Web browser of each user's terminal.

The OpenAM server checks the contents of the PKI client certificate presented by the browser to determine the success or failure of the authentication.

This system uses the value of "RFC822 Name" (Applied for issuance before 8/25/2023 16:00) or "OU" (Applied for issuance after 8/25/2023 16:00) in the PKI client certificate to identify the authenticated user.

Refer to the digital certificate to obtain and install the client certificate.