The X.509 Certificate Integration Kit allows you to use Object Graph Navigation Library (OGNL) expressions to map attributes from X.509 certificates.
Client certificates are available as
objects. This allows you to map certificate attributes by using methods that are defined in
the Java Platform, Standard Edition API Specification. For a full list of available
methods, see the J2SE online javadoc.
To get the first client certificate in the chain as an X509Certificate object, you must use the
ClientCertificateChain keyword within the OGNL expression. For
To get the entire client certificate chain as an iterable collection of X509Certificate
objects, use the
getAllObjectValues() method in the OGNL expression. For
The following table lists example OGNL expressions you can use to map certificate attributes during the setup or deployment of the X.509 Certificate Adapter. For information about using OGNL for attribute mapping in PingFederate, see Attribute Mapping Expressions in the PingFederate documentation.
||Returns a hex-encoded signature from the X.509 client certificate.|
||Extracts the comment certificate extension (Object Identifier (OID) 2.16.840.1.113730.1.13) from the X.509 client certificate, which is then hex encoded. Other certificate extensions can be extracted by using the correct OID for the extension.|
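
The following is an added example, not code from the kit or the PingFederate documentation: the Java calls behind the two table rows, assuming the expressions invoke `X509Certificate.getSignature()` and `X509Certificate.getExtensionValue()`. It shows that `getExtensionValue()` returns the value wrapped in a DER OCTET STRING, so a hex-encoded attribute must be unwrapped before the comment text is readable. The class name `CertAttributeDemo` and the sample bytes are constructed for illustration.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.cert.*;
import java.util.Arrays;

public class CertAttributeDemo {
    // OID quoted on this page for the comment extension.
    static final String COMMENT_OID = "2.16.840.1.113730.1.13";

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    // Strips one DER tag-length header and returns the content bytes.
    static byte[] derContent(byte[] der, int expectedTag) {
        if (der.length < 2 || (der[0] & 0xff) != expectedTag)
            throw new IllegalArgumentException("unexpected DER tag");
        int len = der[1] & 0xff, off = 2;
        if (len > 0x7f) {                 // long form: low 7 bits give the number of length bytes
            int n = len & 0x7f;
            if (n == 0 || n > 3 || der.length < 2 + n) throw new IllegalArgumentException("bad length");
            len = 0;
            for (int i = 0; i < n; i++) len = (len << 8) | (der[off++] & 0xff);
        }
        if (off + len != der.length) throw new IllegalArgumentException("length mismatch");
        return Arrays.copyOfRange(der, off, off + len);
    }

    // Bytes as returned by getExtensionValue(): OCTET STRING wrapping an IA5String.
    static String decodeComment(byte[] extValue) {
        byte[] inner = derContent(extValue, 0x04);                              // outer OCTET STRING
        return new String(derContent(inner, 0x16), StandardCharsets.US_ASCII);  // IA5String text
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: OCTET STRING { IA5String "test" }
        byte[] sample = {0x04, 0x06, 0x16, 0x04, 't', 'e', 's', 't'};
        System.out.println(hex(sample) + " -> " + decodeComment(sample));
        if (args.length == 1) {           // optional: path to a PEM or DER certificate file
            try (InputStream in = new FileInputStream(args[0])) {
                X509Certificate c = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
                System.out.println("signature: " + hex(c.getSignature()));
                byte[] ext = c.getExtensionValue(COMMENT_OID);   // null when the extension is absent
                System.out.println("comment:   " + (ext == null ? "(absent)" : decodeComment(ext)));
            }
        }
    }
}
```

A mapping that relies on an extension should handle the `null` case explicitly, because a certificate that lacks the extension yields no value rather than an empty string.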