EnableClientAuthentication - AWS Directory Service

EnableClientAuthentication

Enables alternative client authentication methods for the specified directory.

Request Syntax

{ "DirectoryId": "string", "Type": "string" }

Request Parameters

The request accepts the following data in JSON format.

DirectoryId

The identifier of the specified directory.

Type: String

Pattern: ^d-[0-9a-f]{10}$

Required: Yes

Type

The type of client authentication to enable. Currently only the value SmartCard is supported. Smart card authentication in AD Connector requires that you enable Kerberos Constrained Delegation for the Service User to the LDAP service in your self-managed AD.

Type: String

Valid Values: SmartCard

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors.

AccessDeniedException

Client authentication is not available in this region at this time.

HTTP Status Code: 400

ClientException

A client exception has occurred.

HTTP Status Code: 400

DirectoryDoesNotExistException

The specified directory does not exist in the system.

HTTP Status Code: 400

InvalidClientAuthStatusException

Client authentication is already enabled.

HTTP Status Code: 400

NoAvailableCertificateException

Client authentication setup could not be completed because at least one valid certificate must be registered in the system.

HTTP Status Code: 400

ServiceException

An exception has occurred in AWS Directory Service.

HTTP Status Code: 500

UnsupportedOperationException

The operation is not supported.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: