How to check Client Certificate fields in User Role > General > Restrictions > Certificate

SOLVED
henke_
Occasional Contributor

Hello,

I am having trouble checking some specific client certificate fields under User Role > General > Restrictions > Certificate.

I have no problem checking certDn fields such as CN, OU, etc.
Given the certDn field

    certDn.CN = "DOE, John"

in this case, using

    Certificate Field    Expected Value
    CN                   DOE, John

works fine.

I am, however, not able to check certAttr.* or certIssuerDn.* fields.
For example

    certIssuerDn.CN = "Issuing CA XX"

or

    certAttr.altName.UPN = "[email protected]"

Those, I have not been able to check.

I should probably add that I am trying this on 6.5R5 on an SA6500 and on 7.0R1 (DTE VA).

Anyone have an idea?

Thanks,

Henrik.

ACCEPTED SOLUTION
henke_
Occasional Contributor

Re: How to check Client Certificate fields in User Role > General > Restrictions > Certifi

According to JTAC, only certDn.* and certAttr.* fields can be checked under Realm or Role Restrictions > Certificate.

Other certificate fields, in my case certIssuerDn.*, can only be used in Custom Expressions in Role Mappings.

What a shame.

"Realm Cert restrictions would only be able to pull up details mentioned in the Subject and Alternate Subject fields of the user certificate. Also, within these fields, only the CN, OU, O, C and DC fields are supported for the Realm level cert restriction checks. For all other fields, we would suggest that you use the custom expressions at the role mapping level to allow/deny users based on other cert attributes."
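As an added illustration (not code from the post or from the appliance), a small Python model of the distinction JTAC describes: the restriction page can only match Subject and Subject Alternative Name fields, so a subject-only CN match cannot tell apart two certificates that differ only in issuer, whereas a role-mapping custom expression over certIssuerDn.CN can. The certificate attributes, the second "rogue issuer" certificate, the field-support table and the expression syntax are constructed assumptions.

```python
import re
import fnmatch

# Constructed client-certificate attributes, flattened into the dotted field
# names the appliance exposes (certDn.*, certIssuerDn.*, certAttr.*).
CLIENT_CERT = {
    "certDn.CN": "DOE, John",
    "certDn.OU": "Staff",
    "certIssuerDn.CN": "Issuing CA XX",
    "certAttr.altName.UPN": "john.doe@example.com",   # constructed value
}
# Same subject, different issuer: what a subject-only check cannot distinguish.
ROGUE_CERT = dict(CLIENT_CERT, **{"certIssuerDn.CN": "Some Other CA"})

# Fields the Restrictions > Certificate page can evaluate, per the JTAC reply:
# Subject (CN, OU, O, C, DC) and Subject Alternative Name. Assumed mapping.
RESTRICTION_FIELDS = {"certDn.CN", "certDn.OU", "certDn.O", "certDn.C", "certDn.DC"}

def restriction_supports(field):
    return field in RESTRICTION_FIELDS or field.startswith("certAttr.altName.")

def restriction_check(cert, field, expected):
    """Emulates one 'Certificate Field / Expected Value' row of the restriction page."""
    if not restriction_supports(field):
        raise ValueError(f"{field}: not checkable here, use a role-mapping custom expression")
    return fnmatch.fnmatchcase(cert.get(field, ""), expected)

TERM = re.compile(r'(\w[\w.]*)\s*(=|!=)\s*"([^"]*)"')

def eval_custom_expression(cert, expr):
    """Evaluate 'field = "pattern"' terms joined by AND / OR, left to right, no
    parentheses. Syntax modelled on the appliance's custom expressions (assumption)."""
    result, op = None, None
    for token in re.split(r"\s+(AND|OR)\s+", expr.strip()):
        if token in ("AND", "OR"):
            op = token
            continue
        m = TERM.fullmatch(token.strip())
        if m is None:
            raise ValueError(f"cannot parse term: {token!r}")
        field, cmp, pattern = m.groups()
        hit = fnmatch.fnmatchcase(cert.get(field, ""), pattern) ^ (cmp == "!=")
        result = hit if result is None else (result and hit if op == "AND" else result or hit)
    return bool(result)

def demo():
    """Subject-only restriction passes both certs; the expression rejects the rogue one."""
    expr = 'certDn.CN = "DOE, John" AND certIssuerDn.CN = "Issuing CA XX"'
    certs = (CLIENT_CERT, ROGUE_CERT)
    return ([restriction_check(c, "certDn.CN", "DOE, John") for c in certs],
            [eval_custom_expression(c, expr) for c in certs])

if __name__ == "__main__":
    print(demo())  # ([True, True], [True, False])
```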


2 REPLIES
henke_
Occasional Contributor

Re: How to check Client Certificate fields in User Role > General > Restrictions > Certifi

JTAC case opened for this.
