So I recently took the plunge and migrated a test 12.52 policy server over to 12.6 on Windows. We use custom certificate mapping authentication with the EnableCustomExprOnly registry key set to allow us to use another LDAP attribute to store the user CN from the certificate. It would appear that 12.6 no longer recognizes this registry key and tries to map the custom expression to the user directory attribute. I have opened a support request for this but was wondering if anyone else has ran into any similar issues with registry settings in 12.6.
From the documentation there is no changes made to this registry key in 12.6 EnableCustomExprOnly.
I can confirm from source code review that , the support for EnableCustomExprOnly registry is indeed disabled in 12.6
This has not been documented in the bookshelf.
As per the source code comment, this was temporarily disabled for testing the 64 bit support for Policy server.
I reckon they forgot to undo the debug changes.
So this really is a bug.
I have instructed the assigned engineer of your support case to engage SE and provide dev fix.
Ujwol's Single Sign-On Blog
Thank you Ujwol!