IDPv3 X509Auth - accessing certificate
Emilio Penna
emilio.penna at seciu.edu.uy
Thu Dec 17 16:45:34 EST 2015
RFE filed: https://issues.shibboleth.net/jira/browse/IDP-887
One comment/feedback about X509 authn in v3: my perception is that it
was really simple to enable it in v3. I only added the flow in
idp.authn.flows, adjusted the LDAP search filter and configured Apache to
require a client certificate, and it worked. It could not be simpler! :)
Later, my enthusiasm began to fade when I tried to access the
certificate in an attribute script... but it will be easier... :)
Thanks
Emilio
On 16/12/2015 17:07, Cantor, Scott wrote:
> On 12/16/15, 3:02 PM, "users on behalf of Emilio Penna"<users-bounces at shibboleth.net on behalf of emilio.penna at seciu.edu.uy> wrote:
>
>
>
>> Scott, Tom, thank you for your answers,
>>
>> I can now access the certificate in a scripted attribute with
>>
>> cert = profileContext.getSubcontext("net.shibboleth.idp.authn.context.SubjectContext").getSubjects().get(0).getPublicCredentials().toArray()[0];
>>
>> and (for example) get the serial number with:
>>
>> serial=cert.getSerialNumber();
> If you care to, file an RFE so we get something cleaner added to the scripting contexts. I think if we'd realized so many people wanted to dig into the subject we would have exposed something simpler. No reason we can't expose the subject alongside the principal name.
>
> -- Scott
>
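A defensive form of the lookup quoted above, as an added example that is not part of the original thread and not Shibboleth's own code: it walks every subject and public credential instead of indexing `[0]`, and returns null rather than throwing when no certificate is present. The names `findClientCertificate`, `certificateSerial` and the `fake*` helpers are hypothetical, and recognising the certificate by its `getSerialNumber` method is an assumption made so the same code runs outside the IdP.

```javascript
var SUBJECT_CTX = "net.shibboleth.idp.authn.context.SubjectContext";

// Return the first public credential that exposes getSerialNumber (treated
// here as the client certificate), or null. A missing subcontext, an empty
// subject list or a subject without a certificate yields null, not an error.
function findClientCertificate(profileContext) {
  if (!profileContext) return null;
  var subjectCtx = profileContext.getSubcontext(SUBJECT_CTX);
  if (!subjectCtx) return null;
  var subjects = subjectCtx.getSubjects();
  if (!subjects) return null;
  for (var i = 0; i < subjects.size(); i++) {
    // Public credentials are a set: order is not guaranteed, so scan it all.
    var creds = subjects.get(i).getPublicCredentials().toArray();
    for (var j = 0; j < creds.length; j++) {
      if (creds[j] && creds[j].getSerialNumber) return creds[j];
    }
  }
  return null;
}

// Serial number as a string, or null when no certificate was presented.
function certificateSerial(profileContext) {
  var cert = findClientCertificate(profileContext);
  return cert ? String(cert.getSerialNumber()) : null;
}

// Constructed stand-ins for the IdP objects, so the example runs offline.
function fakeList(items) {
  return { size: function () { return items.length; },
           get: function (i) { return items[i]; } };
}
function fakeSubject(creds) {
  return { getPublicCredentials: function () {
    return { toArray: function () { return creds; } };
  } };
}
function fakeContext(subjects) {
  return { getSubcontext: function (name) {
    if (name !== SUBJECT_CTX || !subjects) return null;
    return { getSubjects: function () { return fakeList(subjects); } };
  } };
}
```

In an attribute script, a null result from `certificateSerial(profileContext)` means the user did not authenticate with a certificate, and the script should leave the attribute empty.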