*Buddhima Udaranga*|Software Engineer| WSO2 Inc. <http://wso2.com/> (M)+94 714742094 | (E) buddhi...@wso2.com <https://wso2.com/signature>
---------- Forwarded message ---------
From: Buddhima Udaranga <buddhi...@wso2.com>
Date: Wed, May 15, 2019 at 9:39 PM
Subject: X509 authenticator configuration to support 'X509v3 Subject Alternative Name' and extract specific string value of certificate's 'Subject' attribute RDN
To: <architecture-requ...@wso2.org>

Hi All,

I'm working on developing a new feature for WSO2 Identity Server to provide support for using regex to get a specific string value of the certificate's 'Subject' attribute RDN and to get the certificate's 'X509v3 Subject Alternative Name' attribute value. You can find the details in the following GitHub issue [1].

With this feature two new configurations will be added to the application-authentication.xml:

- <Parameter name="UsernameRegex">[a-zA-Z]{3}</Parameter>
- <Parameter name="AlternativeNamesRegex">^[a-zA-Z]{3}$</Parameter>

These will be added under the Authenticator Config named x509CertificateAuthenticator.

With respect to [2] and [3], alternative names will have the priority in the authentication process. After this feature, if there is a pattern configured for alternative names then the user will be authenticated using the matching alternative name for that pattern. There cannot be more than one match or no matches for a given regex. If the alternative names regex pattern is not configured then the system will check for the username regex. If the regex is configured and there is only one match, the authentication will happen using that match. For any given regex for both configurations, if no matches are found or more than one match is found, the system will throw an error. If both of these configurations are not present in the application-authentication.xml, the system will use the configured username attribute of the certificate to authenticate, which is the CN value of the certificate in the default application-authentication.xml configuration.

Please find the attached flow diagram relevant to the above description.

I would really appreciate any feedback.

Thank you.
[image: X509FlowDiagram (1).jpg]

[1] - https://github.com/wso2/product-is/issues/5057
[2] - https://tools.ietf.org/html/rfc5280#section-4.1.2.6
[3] - https://tools.ietf.org/html/rfc6125#section-6.4.4

Best Regards,
Buddhima
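The precedence and the "exactly one match" rule described in the mail, written out as an added example. This is not the mail's or WSO2 Identity Server's code: the `CertInfo` class, the `resolve_username` and `outcome` helpers and the sample subject/SAN values are all constructed here, and the example assumes the certificate has already been parsed into subject RDN attributes and (type, value) SAN pairs. It shows the failure mode the mail calls out: a UsernameRegex that matches twice in a CN is rejected rather than silently picking the first hit.

```python
import re
from dataclasses import dataclass, field


class X509AuthError(Exception):
    """Raised where the mail says the authenticator must throw an error."""


@dataclass
class CertInfo:
    """Constructed stand-in for an already-parsed certificate (hypothetical type).

    subject maps RDN attribute types to values, e.g. {"CN": "abc123"};
    alternative_names lists (type, value) pairs from the SAN extension.
    """
    subject: dict
    alternative_names: list = field(default_factory=list)


def resolve_username(cert, alt_names_regex=None, username_regex=None,
                     username_attribute="CN"):
    """Pick the username following the precedence described in the mail.

    1. AlternativeNamesRegex set  -> exactly one SAN value must match it.
    2. else UsernameRegex set     -> exactly one substring of the subject
                                     attribute (CN by default) must match it.
    3. else                       -> the subject attribute value as-is.
    Zero or several matches in steps 1 and 2 are an error, never a fallback.
    """
    if alt_names_regex is not None:
        pattern = re.compile(alt_names_regex)
        # Assumption: every SAN value is considered regardless of its type
        # (DNS, email, ...); the mail does not say whether types are filtered.
        matches = [value for _, value in cert.alternative_names
                   if pattern.search(value)]
        return _exactly_one(matches, "AlternativeNamesRegex", alt_names_regex)

    attr_value = cert.subject.get(username_attribute)
    if attr_value is None:
        raise X509AuthError(f"certificate subject has no {username_attribute}")

    if username_regex is not None:
        # group(0) so a pattern containing groups still yields the full match
        matches = [m.group(0) for m in re.finditer(username_regex, attr_value)]
        return _exactly_one(matches, "UsernameRegex", username_regex)

    return attr_value


def _exactly_one(matches, config_name, regex):
    """Enforce the mail's rule: no match or several matches is an error."""
    if len(matches) != 1:
        raise X509AuthError(
            f"{config_name} {regex!r} produced {len(matches)} matches, expected 1")
    return matches[0]


def outcome(cert, **config):
    """Demo helper: ('ok', username) or ('error', message)."""
    try:
        return "ok", resolve_username(cert, **config)
    except X509AuthError as exc:
        return "error", str(exc)


if __name__ == "__main__":
    # Constructed sample certificate data (not a real certificate).
    cert = CertInfo(subject={"CN": "abcdef", "O": "Example Org"},
                    alternative_names=[("DNS", "abc"),
                                       ("email", "user@example.test")])
    # SAN regex takes priority even though UsernameRegex is also set.
    print(outcome(cert, alt_names_regex=r"^[a-zA-Z]{3}$",
                  username_regex=r"[a-zA-Z]{3}"))
    # CN "abcdef" yields two matches for [a-zA-Z]{3}: rejected, not guessed.
    print(outcome(cert, username_regex=r"[a-zA-Z]{3}"))
    # Neither parameter configured: the CN is used as-is.
    print(outcome(cert))
```

Because the SAN path never falls back to the subject when it has zero or several matches, a misconfigured AlternativeNamesRegex fails closed; when rolling the feature out it is worth logging the match count on error so operators can tell "no SAN matched" apart from "two SANs matched".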
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture