
CA of client certificate without authenticating the client

Question asked by montalbano on Mar 25, 2015
Latest reply on Apr 1, 2015 by montalbano

Hi there,

We want to check the CA of the client certificate without authenticating the client. According to our prototyping and also to the documentation, this is not possible because the "extract attributes from certificate assertion" can only be used after an "identity assertion" like Authenticate User or Group...

Of course, a workaround could be to always initiate the authentication knowing that it fails. Doing so, the certificate attributes are accessible. But this is not a clean approach... Any other possibilities to get the CA of the client certificate? I think it should be provided as a context variable by the "Require SSL/TLS" assertion...

Regards,

Peter
