Need experts' suggestions on the below scenario for Client Certification Authentication:
Users have 2 types of certificate DNs based on the device they use, for example:
Cert Type:1 CN=str1234,OU=global,DC=test,DC=com
Cert Type:2 CN=str1234-mpos,OU=global,DC=test,DC=com
But the user store contains the user ID as "str1234" without "-mpos". Is there a way I can strip off the "-mpos" in the attribute mapping and authenticate the user as "str1234"?
Approach-1 : Within SiteMinder
Approach-2 : Outside of SiteMinder (SM only calls the Query, Function, Procedure).
i.e. if you are using an ODBC User Store.
This certainly needs to be proved via a quick PoC. However, note that doing this means this functionality would be applicable to all users trying to log in.
For CA Directory, there is no way of achieving this kind of identity mapping; the only alternatives are:
* Creating separate identities in directory
* Sharing certificates between devices
* Enabling "set ssl-auth-bypass-entry-check = true;"
I'm assuming that the authentication is occurring at a higher layer of the product stack.
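Added example, not part of the thread and not SiteMinder or CA Directory code: the mapping asked about in the question, written in Python as it could be prototyped for the PoC mentioned above. It reads the CN from the leaf RDN only, strips the "-mpos" suffix, and returns a device label so the certificate type stays visible for auditing; the function names and the "mpos" label are assumptions.

```python
# Suffix taken from the question; the label value is an assumption.
DEVICE_SUFFIXES = {"-mpos": "mpos"}

def split_unescaped(s, sep):
    """Split s on sep, skipping separators escaped with a backslash."""
    parts, cur, i = [], "", 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            cur += s[i:i + 2]  # keep the escape pair intact
            i += 2
            continue
        if s[i] == sep:
            parts.append(cur)
            cur = ""
        else:
            cur += s[i]
        i += 1
    parts.append(cur)
    return parts

def leaf_cn(dn):
    """Return the CN from the first (most specific) RDN only."""
    for ava in split_unescaped(split_unescaped(dn, ",")[0], "+"):
        attr, eq, value = ava.partition("=")
        if eq and attr.strip().lower() == "cn":
            return value.strip()
    raise ValueError("no CN in leaf RDN")

def map_cert_dn(dn):
    """Map a certificate subject DN to (user_id, device_label)."""
    cn = leaf_cn(dn)
    # Reject empty or escaped values instead of guessing a user ID.
    if not cn or "\\" in cn:
        raise ValueError("unsupported CN value")
    for suffix, label in DEVICE_SUFFIXES.items():
        if cn.endswith(suffix):
            base = cn[:-len(suffix)]
            if not base:
                raise ValueError("CN is only a device suffix")
            return base, label
    return cn, None
```

Because the rule applies to every login, an account whose real user ID ends in "-mpos" would be mapped to the shorter ID; check the user store for such IDs before enabling it.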