Forum Discussion
CirrocumulusRetrieve UPN from client certificate SAN RFC 822 Name:
CirrocumulusHi Lucas, thanks for responding the variable contains the following (i masked sensitive data to test domains only) X509v3 extensions: X509v3 Subject Key Identifier: 76:09:B8:BA:1A:E9:09:86:78:22:9C:53:1B:D4:AF:E9:81:55:57:01 X509v3 Authority Key Identifier: keyid:DD:0C:FD:A1:21:AF:E3:AC:F3:6E:93:04:AB:D5:07:8B:B9:24:08:08 X509v3 Certificate Policies: Policy: 1.3.6.1.4.1.27171.175.10.1.30 CPS: http://info.pki.test.eu/cps Policy: 0.4.0.2042.1.2 X509v3 Extended Key Usage: TLS Web Client Authentication, E-mail Protection, Microsoft Smartcardlogin X509v3 Key Usage: critical Digital Signature, Non Repudiation X509v3 Subject Alternative Name: email:[email protected] X509v3 CRL Distribution Points: Full Name: URI:http://info.pki.test.eu/crl/Test-EU-Users-CA.crl Full Name: URI:ldap://ldap.test.com.eu/CN=Test%20EU%20Users%20CA,O=Test,C=BE?certificateRevocationList?base?objectClass=pkiCA Authority Information Access: CA Issuers - URI:http://info.pki.test.com/cacerts/Test-EU-Users-CA.p7b CA Issuers - URI:ldap://test.domain.comCN=CU%20Users%20CA,O=Tlium,C=BE?cACertificate?base?objectClass=pkiCA OCSP - URI:http://otest.pki.test.com
Cirrocumulusso we should find Subject Alternative Name: email:[email protected] with mcget command inside the VPE policy, I woild rather prefer this instead of using Irules
- Lucas_Thompson
Employee
When you review the session variables for this session, what exactly do the variables look like? I'd assume looking at the output that APM would already parse these values into session variables. To check that, log in with your user and look at their "Variables" using this part of the GUI:
- Marvin
The session variable value i already pasted above so we just need to "grep" this, the email address is stored inside this variable. We tried several mcget commands to get this but it was empty all the time. The name of the variable is session.ssl.cert.x509extension
