Home
Installing
Learn how to install the product.
Post installation tasks
After you install AppScan® Enterprise, complete these postinstallation tasks.
Authenticating with the Common Access Card (CAC)
The Common Access Card is the standard identification for active duty uniformed service personnel, Selected Reserve, DoD civilian employees, and eligible contractor personnel in the United States. It is used to enable physical access to buildings and controlled spaces, and provides access to DoD computer networks and systems. The CAC can be used for access into computers and networks that are equipped with various smart card readers. When it is inserted into the reader, the device asks the user for a PIN. This task helps you set up AppScan® Enterprise to allow CAC authentication over LDAP so that users can log in to AppScan Enterprise without providing a user name and password.
Support for Subject Alternative Name (SAN)
ASE supports CAC authentication using the Subject Alternative Name attribute.

Welcome
Welcome to the HCL AppScan Enterprise 10.6.0 documentation, where you can find information about how to install, maintain, and use HCL AppScan Enterprise.
Accessibility features for AppScan® Enterprise
Accessibility features assist users who have a disability, such as restricted mobility or limited vision, to use information technology content successfully.
Overview
Learn general information about the product.
Installing
Learn how to install the product.
- Planning the deployment and installation
  The configuration you use depends on a number of factors: what you plan to do with the software, how your organization and website or applications are structured, and how the information is to be distributed. Before you install the current release, review the information about hardware and software requirements, licensing, and other deployment considerations.
- Preinstallation tasks
  Before you install AppScan® Enterprise, you will need to prepare and configure your system.
- Installation tasks
  This section provides the instructions for installing AppScan® Enterprise.
- Post installation tasks
  After you install AppScan® Enterprise, complete these postinstallation tasks.
  - Postinstallation checklist
    After you install AppScan® Enterprise, review and complete all of the necessary tasks on the postinstallation checklist.
  - Verifying the agent service and alerting service installation
    During installation, two services were installed: the Agent Service and the Alert Service. You need to ensure that these services have been installed and are started. If the agent service is not started, any jobs that users create will not be picked up and run by the Server. If the alerting service is not started, any alerts that have been configured for users will not be issued. Make sure that only one instance of the alerting service is installed; otherwise, duplicate notifications might be sent out.
  - Configuring a basic user registry for the Liberty profile
  - Securing the deployment
    Follow these steps during installation and configuration to ensure your AppScan® Enterprise instance is secure.
  - Support for FIPS 140-2 and NIST SP800-131a security standards
    The National Institute of Standards and Technology (NIST) is the US federal technology agency that works with industry to develop and apply technology, measurements, and standards. AppScan® Enterprise Server can be configured to work with various security standards to meet security requirements required by the US government.
  - Authenticating with the Common Access Card (CAC)
    The Common Access Card is the standard identification for active duty uniformed service personnel, Selected Reserve, DoD civilian employees, and eligible contractor personnel in the United States. It is used to enable physical access to buildings and controlled spaces, and provides access to DoD computer networks and systems. The CAC can be used for access into computers and networks that are equipped with various smart card readers. When it is inserted into the reader, the device asks the user for a PIN. This task helps you set up AppScan® Enterprise to allow CAC authentication over LDAP so that users can log in to AppScan Enterprise without providing a user name and password.
    - Support for Subject Alternative Name (SAN)
      ASE supports CAC authentication using the Subject Alternative Name attribute.
- Advanced installation scenarios
Upgrading and migrating
Learn how to upgrade the product.
Integrating
Learn how to integrate the product with other solutions.
DevOps
Learn how to extend the product with REST APIs and plugins.
Best practices
Learn best practices for using the product.
Configuring
Learn how to configure the product.
Administering
Learn how to administer the product.
Managing application risk
Follow this workflow to manage application security risks in your organization.
Troubleshooting and support
To help you understand, isolate, and resolve problems with your HCL® software, the troubleshooting and support information contains instructions for using the problem-determination resources that are provided with your HCL products.
Reference
Review reference information for the product.
Glossary

Support for Subject Alternative Name (SAN)

ASE supports CAC authentication using the Subject Alternative Name attribute.

In addition to the steps described in Authenticating with the Common Access Card (CAC), do the following:

Modify the server.xml file:
1. Locate the server.xml file, at:
```
<install-dir>\AppScan Enterprise\Liberty\usr\servers\<ase instance name>\server.xml
```
2. In the <ldapRegistry> section of the file, add or edit these two attributes to look like this:
  - certificateMapMode="CUSTOM"
  - certificateMapperId="customLdapMapper"
SAN is a composite attribute containing other attributes, so you must specify the mapping to specifically fetch the LDAP attribute in the configuration JAR file:
1. Locate the SanAttributeReader.jar file of your AppScan Enterprise instance in:
```
<install-dir>\AppScan Enterprise\Liberty\usr\servers\ase\lib\ SanAttributeReader.jar
```
2. Rename it SanAttributeReader.zip and retrieve the config.properties file it contains.
3. Edit as needed.
4. Once you have verified that everything works fine, make sure to set the Logging value to off.