
Fortify SSC X.509 SSO and LDAP Issues

We are using Fortify SSC 19.2.0 with X.509 SSO using a DOD CAC. We are using the regex "CN=(.+(?=\.\d))" to grab the username in LASTNAME.FIRSTNAME.MIDDLE, which works fine when creating local users manually. The issue arises when we try to incorporate our LDAP/AD configuration.

1) Firstly, as far as I can see, Fortify only looks at the Subject portion of the X.509 certificate, so the only useful thing we've been able to key off of is the username in LAST.FIRST.MIDDLE.##### format. I've not been able to get a user email or an @mil address, which would solve this problem.

2) Secondly, our AD only stores the information from the CAC Subject CN in a Certificates->Subject nested field object of some sort. We've not been able to get Fortify to grab that attribute and trying to get it to go down to the Subject field hasn't worked.

So, we can use regex to pull limited information from the X.509 certificate, but we can't use any sort of regex or string manipulation to modify the username we want from AD. Is there a way to adjust the username retrieved from AD into a LAST.FIRST.MIDDLE so we can pull that from the CAC? Has anyone else encountered these issues and come up with some sort of solution?


This is what I use for our DOD users. Finds users without issue.

([-A-Za-z0-9 ]+\.[-A-Za-z ]+\.?[-A-Za-z0-9 ]+\.?[-A-Za-z ]+?(?:(?:[IVX]+))?(?:\.(?:\d{10})))
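As an added illustration (not code from either poster or from Fortify), the script below runs the question's regex and the reply's regex over constructed CAC-style subject DNs, assuming the pattern is applied to the full subject string. The `OU=Site.2` and missing-EDIPI subjects are made up to show where the two patterns diverge: the reply's pattern keeps the 10-digit EDIPI in its capture, while the question's greedy `.+` can run past the CN if any later RDN contains a dot followed by a digit.

```python
import re

# Regex from the question: capture after "CN=" up to the dot that precedes a digit.
# The greedy ".+" backtracks to the LAST ".<digit>" in whatever string it is run over.
ASKER_PATTERN = re.compile(r"CN=(.+(?=\.\d))")

# Regex from the reply: LAST.FIRST[.MIDDLE][.SUFFIX].EDIPI; the EDIPI stays in group 1.
REPLY_PATTERN = re.compile(
    r"([-A-Za-z0-9 ]+\.[-A-Za-z ]+\.?[-A-Za-z0-9 ]+\.?[-A-Za-z ]+?"
    r"(?:(?:[IVX]+))?(?:\.(?:\d{10})))"
)

# Constructed subject DNs in the DoD CAC style (not real identities).
SUBJECTS = {
    "standard":  "CN=DOE.JOHN.A.1234567890,OU=PKI,OU=DoD,O=U.S. Government,C=US",
    "suffix":    "CN=DOE.JOHN.A.III.1234567890,OU=PKI,OU=DoD,O=U.S. Government,C=US",
    "no_middle": "CN=DOE.JOHN.1234567890,OU=PKI,OU=DoD,O=U.S. Government,C=US",
    # Constructed edge case: a later RDN with ".<digit>" drags the greedy ".+" past the CN.
    "dotted_ou": "CN=DOE.JOHN.A.1234567890,OU=Site.2,O=U.S. Government,C=US",
    # Constructed edge case: no EDIPI, so neither pattern yields a username.
    "no_edipi":  "CN=DOE.JOHN.A,OU=PKI,OU=DoD,O=U.S. Government,C=US",
}


def extract(pattern, subject):
    """Return group 1 of the first match, or None when the pattern does not match."""
    m = pattern.search(subject)
    return m.group(1) if m else None


def compare(subject):
    """Username each regex would produce for one subject DN: (asker, reply)."""
    return extract(ASKER_PATTERN, subject), extract(REPLY_PATTERN, subject)


def strip_edipi(username):
    """Reduce LAST.FIRST.MIDDLE[.SUFFIX].EDIPI to the LAST.FIRST.MIDDLE form asked for."""
    return re.sub(r"\.\d{10}$", "", username) if username else None


if __name__ == "__main__":
    for label, subject in SUBJECTS.items():
        asker, reply = compare(subject)
        print(f"{label:10} asker={asker!r:40} reply={reply!r}")
```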