Use this configuration mode to determine the user ID from the SubjectName field of the client certificate. The configuration options of the ClientCertLoginModule define the rules that derive the user ID from that field.
To enable certificate authentication, add the ClientCertLoginModule to the login module stack of the applications that are to use certificate authentication.
Users who access the AS Java with client certificates are logged on with the user ID that results from the rule you configured for the SubjectName attribute.
The example ClientCertLoginModule configurations below assume that a user provides an X.509 certificate with the following attributes in the certificate SubjectName field:
CN=myuser, OU=people, OU=CA, O=mycompany, C=DE
Determining user ID from attribute CN of certificate SubjectName
| Option | Value |
|---|---|
| Rule1.getUserFrom | subjectName |
| Rule1.AttributeName | CN |

Result: The authenticated user ID is myuser.
Determining the user ID from multiple attribute names in the certificate SubjectName
| Option | Value |
|---|---|
| Rule1.getUserFrom | subjectName |
| Rule1.AttributeName | OU |

Result: The authenticated user ID is people, matching the first leftmost occurrence of the SubjectName attribute OU.
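The following Python sketch is an added example, not SAP code and not the ClientCertLoginModule implementation. It models the two rules above so that you can check which user ID a given SubjectName would map to. The function names, the case-insensitive attribute match and the handling of escaped or quoted separators are assumptions of this sketch.

```python
import re

# Subject name from the page's example; other inputs used with this are constructed.
SUBJECT = "CN= myuser, OU= people, OU= CA, O= mycompany, C= DE"

def split_components(dn):
    """Split on ',' or '+' unless the separator is escaped or inside quotes."""
    parts, buf, quoted, i = [], "", False, 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):   # keep an escape pair together
            buf += dn[i:i + 2]
            i += 2
            continue
        if ch == '"':
            quoted = not quoted
        if ch in ",+" and not quoted:
            parts.append(buf)
            buf = ""
        else:
            buf += ch
        i += 1
    parts.append(buf)
    return parts

def parse_subject(dn):
    """Return (ATTRIBUTE, value) pairs in left-to-right order."""
    pairs = []
    for part in split_components(dn):
        name, sep, value = part.partition("=")
        if not sep or not name.strip():
            raise ValueError(f"malformed component: {part!r}")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        # Undo single-character escapes; hex escapes (\2C) are not decoded here.
        pairs.append((name.strip().upper(), re.sub(r"\\(.)", r"\1", value)))
    return pairs

def user_id_from_subject(dn, attribute_name):
    """Model of Rule1.getUserFrom=subjectName: first (leftmost) match wins."""
    for name, value in parse_subject(dn):
        if name == attribute_name.strip().upper():   # assumption: case-insensitive
            return value
    return None  # attribute absent: the rule yields no user ID

if __name__ == "__main__":
    for attr in ("CN", "OU", "L"):
        print(attr, "->", user_id_from_subject(SUBJECT, attr))
```

Running candidate subject names through such a model before rollout shows which certificates would map to the same user ID, for example every certificate whose first OU is people.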