I need to do authentication with EAP certificates for AuthzForce. I did not find any attribute for certificates. How can I configure an AuthzForce policy for it?
-
You can use whatever AttributeId you want in the XACML policy. Just make sure that your PEP maps the certificate fields to the XACML attributes (used in the policy) correctly. For example, I can use the standard "subject-id" for the cert Subject CN (or UID), and a custom "urn:example:org" for cert Subject O (Organization). Then your PEP must extract those fields CN and O from the certificate and map them to the XACML attributes "...subject-id" and "urn:example:org" properly when sending the XACML Request to AuthzForce PDP. – cdan Dec 03 '21 at 17:45
-
Feel free to accept the answer below if that helped. – cdan Sep 14 '22 at 15:51
1 Answer
You can use whatever AttributeId you want in the XACML policy. Just make sure that your PEP maps the certificate fields to the XACML attributes (used in the policy) correctly. For example, I can use the standard "subject-id" for the cert Subject CN (or UID), and a custom "urn:example:org" for cert Subject O (Organization). Then your PEP must extract those fields CN and O from the certificate and map them to the XACML attributes "...subject-id" and "urn:example:org" properly when sending the XACML Request to AuthzForce PDP.

cdan
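The PEP-side mapping described in the answer above, as an added sketch that is not part of the original answer or of AuthzForce: it builds the subject part of an XACML 3.0 Request from a client certificate's CN and O. It assumes the PEP has the certificate in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`; the function names and the sample certificate are hypothetical, and the resource and action categories a real request also needs are omitted.

```python
import xml.etree.ElementTree as ET

XACML_NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
SUBJECT_CAT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
XS_STRING = "http://www.w3.org/2001/XMLSchema#string"
# Certificate subject field -> AttributeId used in the policy (mapping from the answer).
FIELD_TO_ATTRIBUTE_ID = {
    "commonName": "urn:oasis:names:tc:xacml:1.0:subject:subject-id",
    "organizationName": "urn:example:org",
}

def subject_fields(peercert):
    """Return {field: value} for the mapped fields; fail closed if one is missing or repeated."""
    found = {}
    # getpeercert() returns an empty dict when the certificate was not validated,
    # so an unverified peer ends up in the "missing" branch below.
    for rdn in peercert.get("subject", ()):
        for name, value in rdn:
            if name in FIELD_TO_ATTRIBUTE_ID:
                if name in found:
                    raise ValueError(f"ambiguous certificate subject: repeated {name}")
                found[name] = value
    missing = set(FIELD_TO_ATTRIBUTE_ID) - set(found)
    if missing:
        raise ValueError(f"certificate subject lacks {sorted(missing)}")
    return found

def build_xacml_request(peercert):
    """Serialize the access-subject attributes as an XACML 3.0 <Request> string."""
    ET.register_namespace("", XACML_NS)
    req = ET.Element(f"{{{XACML_NS}}}Request",
                     ReturnPolicyIdList="false", CombinedDecision="false")
    attrs = ET.SubElement(req, f"{{{XACML_NS}}}Attributes", Category=SUBJECT_CAT)
    for field, value in subject_fields(peercert).items():
        attr = ET.SubElement(attrs, f"{{{XACML_NS}}}Attribute",
                             AttributeId=FIELD_TO_ATTRIBUTE_ID[field],
                             IncludeInResult="false")
        val = ET.SubElement(attr, f"{{{XACML_NS}}}AttributeValue", DataType=XS_STRING)
        val.text = value
    return ET.tostring(req, encoding="unicode")

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_PEERCERT = {
    "subject": ((("organizationName", "Example Org"),), (("commonName", "alice"),)),
}

if __name__ == "__main__":
    print(build_xacml_request(SAMPLE_PEERCERT))
```

The policy side then only needs to match on the same two AttributeIds in the access-subject category.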