EnableClientAuthentication - AWS Directory Service


Enables alternative client authentication methods for the specified directory.

Request Syntax

{ "DirectoryId": "string", "Type": "string" }

Request Parameters

The request accepts the following data in JSON format.


The identifier of the specified directory.

Type: String

Pattern: ^d-[0-9a-f]{10}$

Required: Yes


The type of client authentication to enable. Currently only the value SmartCard is supported. Smart card authentication in AD Connector requires that you enable Kerberos Constrained Delegation for the Service User to the LDAP service in your self-managed AD.

Type: String

Valid Values: SmartCard | SmartCardOrPassword

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.


For information about the errors that are common to all actions, see Common Errors.


Client authentication is not available in this region at this time.

HTTP Status Code: 400


A client exception has occurred.

HTTP Status Code: 400


The specified directory does not exist in the system.

HTTP Status Code: 400


Client authentication is already enabled.

HTTP Status Code: 400


Client authentication setup could not be completed because at least one valid certificate must be registered in the system.

HTTP Status Code: 400


An exception has occurred in AWS Directory Service.

HTTP Status Code: 500


The operation is not supported.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: