Forum Discussion
jase_40648
Nimbostratus
May 12, 2009
Custom Certificate Checks
Hello. We are trying to do some custom checks for a protected configuration. Specifically, we want to verify that not only did the client give a valid certificate, but that their email address in th...
Mike_61719
Cirrus
Dec 03, 2009
Well I do not see why you are wanting this type in the protected configuration. Let me explain.
You create a variable labeled Test and the value is firepass. You can not put in a protected configuration session.bla == Test.....
Like the above poster:
session.ssl.cert.email == "%session.asv.myemail%"
session.ssl.cert.email == %session.asv.myemail%
session.user.username == "%session.avs.certuser%"
session.user.username == %session.avs.certuser%
You cannot put in a protected configuration session.ssl.cert.email == "%session.asv.myemail%" because that will and can be any value depending on the user or how you set it up. It has to be like this.
session.asv.myemail == "SPECIFIC VALUE ALWAYS GENERATED". How does FirePass know to trust a changing variable? FirePass needs to be told to always look for instance number 1. The configuration will not work.
Protected configurations must always meet a value criteria. You cannot have it going and saying "any username + any domain name". It has to be equal to check for Mike + check for domain test.
This is like me putting a check for a computer name and putting a protected configuration on it. Three thousand laptops and desktops have a unique name; how do you expect it to protect against an ever-changing value? A protected configuration will work if you designated the computer domain name must be in the test domain. That variable will not change.
