We're trying to create a customExpression for a role mapping rule. What we want to achieve is to map a user to a role depending on the values of certain fields of the certificate he presents.
My question is where I can get a list of the certificate fields I can use in a customExpression.
To be more precise, one of the fields I want to include in my expression is something I can see in the Certificates snap-in in Windows as 'Certificate Template Information'. We've also tried to use the certificate field's name as seen in the CA database, that is CertificateTemplate, but without any success.
Look in the admin guide for the version you are running. There is a chapter called "Supplemental Information" just before the Index. Look for the section "Writing Custom Expressions" and a subsection called "System Variables and Examples". You'll probably find the information you want there.
Another alternative is to do a policy trace on a session with the Pre-Authentication, Authentication, and Role Mapping options checked. This shows you all variables available for role mapping, including the subfields in the certificate.