As per RFC2818 https://www.ietf.org/rfc/rfc2818.txt, usage of CN (common name) is deprecated for identity. Usage of Subject alt name is recommended. Is there a way to use SAN as username_attribute while configuring certificate based authentication for OpenSearch and map OpenSearch role with SAN instead of CN?
@swapnilsv According to the documentation client cert authentication will use CN (optional) or DN.
I’d suggest opening a feature request on GitHub