Need expert suggestions on the scenario below for Client Certification Authentication:
Users have 2 types of certificate DNs based on the device they use, for example:
Cert Type:1 CN=str1234,OU=global,DC=test,DC=com
Cert Type:2 CN=str1234-mpos,OU=global,DC=test,DC=com
But the user store contains the user ID as "str1234" without "-mpos". Is there a way I can strip off the "-mpos" in the attribute mapping and authenticate the user as "str1234"?
For CA Directory, there is no way of achieving this kind of identity mapping, the only alternatives are:
* Creating separate identities in directory
* Sharing certificates between devices
* Enabling "set ssl-auth-bypass-entry-check = true;"
I'm assuming that the authentication is occurring at a higher layer of the product stack.
Approach-1 : Within SiteMinder
Approach-2 : Outside of SiteMinder (SM only calls the Query, Function, Procedure).
i.e. if you are using an ODBC User Store.
Certainly needs to be proved via a quick PoC. However, note that doing this means this functionality would be applicable to all users trying to log in.
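The suffix-stripping mapping asked about above, sketched in Python as an added example (not from the thread, and not SiteMinder or CA Directory code); the function names, the allowed user-ID pattern, the case folding and the sample DNs are assumptions. It strips one exact, anchored "-mpos" suffix from the leftmost CN only and rejects everything else, so the mapping cannot widen to other identities.

```python
import re

# Assumptions: "-mpos" is the only device suffix, and user-store IDs are
# case-insensitive alphanumerics like the thread's "str1234".
DEVICE_SUFFIX = "-mpos"
USER_ID_RE = re.compile(r"[a-z0-9]{1,32}")


def split_rdns(dn):
    """Split an RFC 4514 string DN on commas that are not backslash-escaped."""
    rdns, current, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:
            rdns.append(current.strip())
            current = ""
        else:
            current += ch
        escaped = (ch == "\\") and not escaped
    return rdns + [current.strip()]


def user_id_from_dn(dn):
    """Return the user-store ID for a certificate subject DN, or None to reject."""
    rdns = split_rdns(dn)
    # Only the leftmost (most specific) RDN may carry the identity.
    attr, sep, value = rdns[0].partition("=")
    if not sep or attr.strip().upper() != "CN":
        return None
    # Refuse multi-valued RDNs and escaped characters rather than guess.
    if "+" in value or "\\" in value:
        return None
    value = value.strip().lower()
    if value.endswith(DEVICE_SUFFIX):
        value = value[: -len(DEVICE_SUFFIX)]  # strip exactly one suffix
    # Anything left that is not a plain user ID (e.g. "str1234-mposx") fails.
    return value if USER_ID_RE.fullmatch(value) else None


# Constructed sample DNs, based on the two certificate types in the question.
SAMPLES = [
    "CN=str1234,OU=global,DC=test,DC=com",
    "CN=str1234-mpos,OU=global,DC=test,DC=com",
    "CN=str1234-mposx,OU=global,DC=test,DC=com",
    "OU=global,CN=str1234-mpos,DC=test,DC=com",
]

if __name__ == "__main__":
    for dn in SAMPLES:
        print(dn, "->", user_id_from_dn(dn))
```

Because the rule applies to every certificate login, the rejected cases matter as much as the accepted ones when running the PoC.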