Fortify SSC x.509 SSO and LDAP Issues
We are using Fortify SSC 19.2.0 with x.509 SSO using a DOD CAC. We are using the regex "CN=(.+(?=\.\d))" to grab the username in LASTNAME.FIRSTNAME.MIDDLE, which works fine when creating local users manually. The issue arises when we try to incorporate our LDAP/AD configuration.
1) Firstly, as far as I can see, Fortify only looks at the Subject portion of the x.509 certificate, so the only useful thing we've been able to key off of is the username in LAST.FIRST.MIDDLE.##### format. I've not been able to get a user email or an @mil address, which would solve this problem.
2) Secondly, our AD only stores the information from the CAC Subject CN in a Certificates->Subject nested field object of some sort. We've not been able to get Fortify to grab that attribute and trying to get it to go down to the Subject field hasn't worked.
So, we can use regex to pull limited information from the x.509 certificate, but we can't use any sort of regex or string manipulation to modify the username we want from AD. Is there a way to adjust the username retrieved from AD into a LAST.FIRST.MIDDLE so we can pull that from the CAC? Has anyone else encountered these issues and come up with some sort of solution?
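The post's regex, run against constructed CAC-style subject DNs, as an added example that is not from the post or from Fortify; the tighter pattern, the sample DNs and the helper names are assumptions, and Python's `re` is used only because the lookahead syntax here is the same as in Java's regex engine.

```python
import re
from typing import Optional

# Pattern exactly as written in the post: greedy ".+" followed by a
# lookahead for ".<digit>", so it captures up to the LAST ".<digit>" in the DN.
POST_PATTERN = re.compile(r"CN=(.+(?=\.\d))")

# Tighter variant (assumption, not from the post): lazy match that cannot
# cross an RDN separator, so it stops at the first ".<digit>" inside the CN.
TIGHT_PATTERN = re.compile(r"CN=([^,]+?)(?=\.\d)")


def extract_username(subject_dn: str,
                     pattern: re.Pattern = TIGHT_PATTERN) -> Optional[str]:
    """Return LAST.FIRST.MIDDLE from a CAC-style subject DN, or None when the
    CN has no numeric suffix (the ##### block from the post). A None result
    should be treated as 'no mapping', never replaced by the raw CN."""
    m = pattern.search(subject_dn)
    return m.group(1) if m else None


def is_well_formed(username: Optional[str]) -> bool:
    """Sanity check before the value is used as an SSO login name:
    at least LAST.FIRST, and nothing that looks like it spilled past the CN."""
    if not username:
        return False
    return bool(re.fullmatch(r"[A-Z'\-]+(\.[A-Z'\-]+)+", username))


# Constructed sample DNs (not taken from real certificates).
SAMPLE_OK = ("CN=DOE.JOHN.A.1234567890,OU=USA,OU=PKI,OU=DoD,"
             "O=U.S. Government,C=US")
# A later RDN containing ".<digit>" makes the greedy pattern over-capture.
SAMPLE_TRAP = "CN=DOE.JOHN.A.1234567890,OU=Unit.3,C=US"
# No numeric suffix at all: neither pattern should yield a username.
SAMPLE_NO_SUFFIX = ("CN=DOE.JOHN.A,OU=USA,OU=PKI,OU=DoD,"
                    "O=U.S. Government,C=US")

if __name__ == "__main__":
    for dn in (SAMPLE_OK, SAMPLE_TRAP, SAMPLE_NO_SUFFIX):
        for name, pat in (("post", POST_PATTERN), ("tight", TIGHT_PATTERN)):
            user = extract_username(dn, pat)
            print(f"{name:5} {user!r:45} well-formed={is_well_formed(user)}")
```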