Auth node reference

Certificate User Extractor node

Extracts a value from the certificate collected by the Certificate Collector node, and searches for it in the identity store. The goal is to match the certificate with a user in the identity store.

The extracted value is stored in the username key in the shared node state.

Compatibility

Product Compatible?

PingOne Advanced Identity Cloud

ForgeRock Access Management (self-managed)

Ping Identity Platform (self-managed)

Outcomes

  • Extracted

  • Not Extracted

Evaluation continues through the Extracted path if AM finds a match for the certificate in the identity store; otherwise, evaluation continues on the Not Extracted path.

Properties

Property Usage

Certificate Field Used to Access User Profile

Specifies the field in the certificate that AM uses to search for the user in the identity store. Possible values are:

  • Subject DN

  • Subject CN

  • Subject UID

  • Email Address

  • Other

  • None

If you select Other, provide an attribute name in the Other Certificate Field Used to Access User Profile property.

Select None if you want to specify an alternate way of looking up the user profile in the SubjectAltNameExt Value Type to Access User Profile property.

Default: Subject CN

Other Certificate Field Used to Access User Profile

Specifies a custom certificate field to use as the base of the user search.

SubjectAltNameExt Value Type to Access User Profile

Specifies how to look up the user profile:

None

AM uses the value specified in the Certificate Field Used to Access User Profile or the Other Certificate Field Used to Access User Profile properties when looking up the user profile.

RFC822Name

AM looks up the user profile using the value of the RFC822Name field.

UPN

AM looks up the user profile as the User Principal Name attribute used in Active Directory.

Default: None