Symantec Access Management

Custom expression to read subject alternate name from the certificate

  • 1.  Custom expression to read subject alternate name from the certificate

    Posted Apr 19, 2018 05:46 AM

    Team,

     

    We have a requirement to build a custom expression to get the user details from the certificate for cert-based authentication.

    We have to read the subject alternate name to build the user DN.

    E.g.: the user certificate contains the subject alternate name value "Other Name: Principal Name=username@company.com". In my custom expression I need to pick the email prefix from the subject alternate name.

    Please help to build a custom expression for the certificate mapping.

     

    Thanks

    Vinu Francis



  • 2.  Re: Custom expression to read subject alternate name from the certificate
    Best Answer

    Posted Apr 23, 2018 11:09 AM

    The CA Services Global Deployment team's Advanced Certificate Authentication Scheme (ACA) can handle this use case. It provides access to the subject alternate name Other Name: Principal attribute and also provides a regular expression filter mechanism that can pull out the username value from the email address.

    The certificate authentication scheme built into SiteMinder and its certificate mapping cannot do either of these.

    The ACA is an extra cost Pre-built PWP offered through CA Services. You can contact your CA Account person to obtain a trial license to test the solution and get the pricing for it. You can also download the ACA documentation from the CA web site:

    https://support.ca.com/us/product-content/recommended-reading/technical-document-index/ca-global-delivery-packaged-work-product-module-index.html

     

    Rick Siek
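
An added example, not part of either post and not ACA or SiteMinder configuration: the mapping logic the thread describes (take the Principal Name from the subject alternate name, keep the part before the `@`, build the user DN), written in Python with the checks a certificate-to-user mapping needs. The accepted UPN suffix, the DN template and all function names are assumptions made for illustration.

```python
import re

# Constructed sample: the SAN text as quoted in the question above.
SAMPLE_SAN = "Other Name: Principal Name=username@company.com"

# Assumptions (not from the thread): accepted UPN suffix and DN layout.
ALLOWED_SUFFIXES = {"company.com"}
DN_TEMPLATE = "uid={uid},ou=people,dc=company,dc=com"

# Anchored at the end so trailing data such as a second "@domain" cannot match;
# the local part is limited to a conservative alphabet.
UPN_RE = re.compile(
    r"Principal Name=(?P<local>[A-Za-z0-9._-]{1,64})@(?P<domain>[A-Za-z0-9.-]{1,255})\s*$"
)


def extract_upn(san_text):
    """Return (local_part, domain) from the rendered SAN text, or None."""
    # Refuse ambiguous input: anything other than exactly one Principal Name.
    if san_text.count("Principal Name=") != 1:
        return None
    m = UPN_RE.search(san_text)
    if m is None:
        return None
    return m.group("local"), m.group("domain").lower()


def escape_dn_value(value):
    """Escape an attribute value for use inside an LDAP DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in ',+"\\<>;' or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def map_certificate_to_dn(san_text):
    """Map the SAN Principal Name to a user DN; None means reject the cert."""
    upn = extract_upn(san_text)
    if upn is None:
        return None
    local, domain = upn
    # Without this check, the same prefix under any other suffix maps to the same user.
    if domain not in ALLOWED_SUFFIXES:
        return None
    return DN_TEMPLATE.format(uid=escape_dn_value(local))
```

The suffix check and the anchored pattern matter more than the extraction itself: taking only the email prefix discards the domain, so the mapping must confirm the domain before it is dropped.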