This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Using TLS Certificate fields for authentication mapping

Using TLS Certificate fields for authentication mapping

StephanH
Valued Contributor III

‎06-08-2018 08:08 PM

Hello,

can I use TLS certificate fields like "TLS-Cert-Issuer" or "TLS-Cert-Common-Name" (or other fields mentioned here: https://extremeportal.force.com/ExtrArticleDetail?an=000064090) to do the authentication mapping in the NAC AAA configuration to e. g. switch between local authentication or proxy radius if I use 802.1x?

d4d8ae978da84b7b950785e8ca94cd72_RackMultipart20180608-114138-1wldydo-AuthMapping_inline.jpg

 


If yes, how can I do set? What do I have to enter in the fields (User/MAC/Host)?

Best regards
Stephan

 

Regards Stephan
8 REPLIES 8

Zdeněk_Pala
Extreme Employee
In response to Zdeněk_Pala

‎06-12-2018 03:29 AM

Yes you can use wildcard to check the username. Username is the CN.
Regards Zdeněk Pala
0 Kudos

StephanH
Valued Contributor III
In response to Zdeněk_Pala

‎06-12-2018 03:29 AM

Thank you Pala,

can I use only parts of the certificate CN, too? Like "host/*" in an user name.

Best regards
Stephan
Regards Stephan
0 Kudos

StephanH
Valued Contributor III

‎06-11-2018 04:57 AM

Hello Shumlik,

I want to make a decision if to proxy or do a locally auth.

Best regards
Stephan
Regards Stephan
0 Kudos

Shmulik
Extreme Employee

‎06-11-2018 04:48 AM

Stephan, are you looking to use a cert field for making a decision if to proxy the request to another server or auth locally? or are you looking to perform the auth by ExtremeControl server but use a cert field to make an authorization decision as what network service to assign?
0 Kudos
GTM-P2G8KFN