Showing results for 
Search instead for 
Did you mean: 

Certificate fields in Role Mapping

New Contributor

Certificate fields in Role Mapping


we're trying to create a customExpression for a role mapping rule. What we want to achieve is to map user to the role depending on values of certain fields of a certificate he presents.

My question is where I can get a list of certificate's fields I can use in customExpression. 

To be more precise, one of the fields I want to include in my expression is something I can see in Certificates snap-in in Windows as a 'Certificate Template Information'. We've also tried to use certificate field's name as seen in CA database, that is CertificateTemplate, but without any success.

I'd be thankful for any suggestions.

Łukasz Janus

Super Contributor

Re: Certificate fields in Role Mapping

Look in the admin guide for the version you are running.  There is a chapter called "Supplemental Information".just before the Index.  Look for section "Writing Custom Expressions" and a subsection called "System Variables and Examples".  You'll probably find the information you want there.

Another alternative is to do a policy trace on a session with the Pre-Authentication, Authentication, and Role Mapping options checked.  This shows you all variables available for role mapping, including the subfields in the certificate.