EnableClientAuthentication
Enables alternative client authentication methods for the specified directory.
Request Syntax
{
"DirectoryId": "string",
"Type": "string"
}Request Parameters
The request accepts the following data in JSON format.
- DirectoryId
-
The identifier of the specified directory.
Type: String
Pattern:
^d-[0-9a-f]{10}$Required: Yes
- Type
-
The type of client authentication to enable. Currently only the value
SmartCardis supported. Smart card authentication in AD Connector requires that you enable Kerberos Constrained Delegation for the Service User to the LDAP service in your self-managed AD.Type: String
Valid Values:
SmartCard | SmartCardOrPasswordRequired: Yes
Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
Errors
For information about the errors that are common to all actions, see Common Errors.
- AccessDeniedException
-
Client authentication is not available in this region at this time.
HTTP Status Code: 400
- ClientException
-
A client exception has occurred.
HTTP Status Code: 400
- DirectoryDoesNotExistException
-
The specified directory does not exist in the system.
HTTP Status Code: 400
- InvalidClientAuthStatusException
-
Client authentication is already enabled.
HTTP Status Code: 400
- NoAvailableCertificateException
-
Client authentication setup could not be completed because at least one valid certificate must be registered in the system.
HTTP Status Code: 400
- ServiceException
-
An exception has occurred in Amazon Directory Service.
HTTP Status Code: 500
- UnsupportedOperationException
-
The operation is not supported.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific Amazon SDKs, see the following: