Aloha. I've configured our IdM server as an OpenLDAP identity provider for our VMware vCenter 6.7 server. I'm able to log in to our vCenter as the IdM user with username and password, but I'm unable to authenticate using smart card authentication. My IdM domain is "xxxx.xxxx.mil", but my smart card is issued by the DoD, and the Subject Alternative Name (SAN) on my identity certificate shows ex. "Principal Name=1234567897000@mil". When we used Active Directory authentication with vCenter, the user account properties for UPN needed to match the SAN value (ex. 1234567897000@mil) from the user's identity certificate.

That said, if our domain name is "xxxx.xxxx.mil", is it possible to have an IdM user account with username "first.last.usr" and an SSL certificate mapping that uses all or a portion of the SAN value (ex. "Principal Name=123456789700@mil") for smart card authentication?
[Freeipa-users] Using Subject Alternative Name in smart card certificate for authentication
Angelo Alvarez via FreeIPA-users Mon, 12 Jul 2021 23:14:42 -0700