lelle1 Absent Member.

Possible x509 setup


Hi all,

I have a customer that has external users that are logging in
to a 3rd-party directory using smart cards.
My question is if it's possible to have Access Manager validate if a
user's certificate is valid (against the CA) and not bind/login to my
customer's user source, and based on that forward the user to a web
service?
If possible, also inject some information from the certificate (like card
number) into an authentication header or cookie.
The web service itself will have a user source that can map the card
number to users.
I don't know if this is possible or not; I'm not really sure how to work
with user certificates.
Any thoughts are welcome.

/Lelle


--
lelle
------------------------------------------------------------------------
lelle's Profile: https://forums.netiq.com/member.php?userid=410
View this thread: https://forums.netiq.com/showthread.php?t=55260

Anonymous_User Absent Member.

Re: Possible x509 setup

lelle wrote:

>
> Hi all,
>
> I have a customer that has external users that are logging in
> to a 3rd-party directory using smart cards.
> My question is if it's possible to have Access Manager validate if
> a user's certificate is valid (against the CA) and not bind/login to my
> customer's user source, and based on that forward the user to a web
> service?
> If possible, also inject some information from the certificate (like
> card number) into an authentication header or cookie.
> The web service itself will have a user source that can map the card
> number to users.
> I don't know if this is possible or not; I'm not really sure how to
> work with user certificates.
> Any thoughts are welcome.


Out of the box, no. You'll have to write something custom for this. The
out-of-the-box X.509 auth class will validate the certificate and then
look the subject up in the directory to associate it with a security
principal. Information available from that object can then be injected
into headers to the backend app/webservice.

--
Cheers,
Edward
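
The header-injection half of the flow asked about in this thread, as an added example (not Access Manager code and not from any poster). It assumes the TLS layer has already validated the chain against the CA and passes the subject as an RFC 4514 string; the header name `X-Card-Number` and the use of the `serialNumber` subject attribute for the card number are assumptions.

```python
import re

# Assumed names (not from the thread): injected header and subject attribute.
CARD_HEADER = "X-Card-Number"
CARD_ATTR = "serialNumber"
CARD_FORMAT = re.compile(r"[A-Za-z0-9-]{1,64}")


def parse_dn(dn):
    """Split an RFC 4514 DN string into (type, value) pairs.
    Backslash escapes are honoured when splitting; values stay escaped, so an
    escaped value can never match CARD_FORMAT."""
    rdns, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])      # keep the escape pair together
            i += 2
            continue
        if dn[i] in ",+":                # RDN or multi-valued RDN separator
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(dn[i])
        i += 1
    rdns.append("".join(buf))
    parts = (rdn.partition("=") for rdn in rdns)
    return [(k.strip(), v.strip()) for k, sep, v in parts if sep]


def card_number_from_subject(subject_dn):
    """Return the card number, or None if absent, ambiguous or malformed."""
    values = [v for k, v in parse_dn(subject_dn) if k.lower() == CARD_ATTR.lower()]
    if len(values) != 1 or not CARD_FORMAT.fullmatch(values[0]):
        return None
    return values[0]


def backend_headers(inbound, cert_verified, subject_dn):
    """Build the headers sent to the backend; None means reject the request."""
    # Drop any client-supplied copy so the header can only come from the proxy.
    headers = {k: v for k, v in inbound.items() if k.lower() != CARD_HEADER.lower()}
    card = card_number_from_subject(subject_dn) if cert_verified else None
    if card is None:
        return None                      # fail closed
    headers[CARD_HEADER] = card
    return headers


# Constructed sample: a spoofed inbound header, and a CN with an escaped comma.
SAMPLE_INBOUND = {"Host": "ws.example.test", "x-card-number": "SPOOFED"}
SAMPLE_SUBJECT = r"CN=Doe\,serialNumber=FAKE,serialNumber=1234-5678,O=Example"
```

The backend should accept this header only on connections from the proxy, since it trusts the value without seeing the certificate itself.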
dei3400 Absent Member.

Re: Possible x509 setup


Exactly the same I'm trying to do. Feel free to comment if you have any
luck with this one.

lelle;264532 Wrote:
> Hi all,
>
> I have a customer that has external users that are logging in
> to a 3rd-party directory using smart cards.
> My question is if it's possible to have Access Manager validate if a
> user's certificate is valid (against the CA) and not bind/login to my
> customer's user source, and based on that forward the user to a web
> service?
> If possible, also inject some information from the certificate (like card
> number) into an authentication header or cookie.
> The web service itself will have a user source that can map the card
> number to users.
> I don't know if this is possible or not; I'm not really sure how to work
> with user certificates.
> Any thoughts are welcome.
>
> /Lelle



--
dei3400
------------------------------------------------------------------------
dei3400's Profile: https://forums.netiq.com/member.php?userid=4671
Anonymous_User Absent Member.

Re: Possible x509 setup

dei3400 wrote:

>
> Exactly the same I'm trying to do. Feel free to comment if you have
> any luck with this one.


Just thinking about this. What you could try is to make the method a
non-identifying method. Not sure what the outcome will be.


--
Cheers,
Edward