Username_attribute not working for clientcert_auth_domain

llermaly · September 6, 2022, 1:52am

I’m trying to log in using client certificates and I can make it work using the DN even if I set username_attribute to cn.

      clientcert_auth_domain:
        description: "Authenticate via SSL client certificates"
        http_enabled: false
        transport_enabled: false
        order: 2
        http_authenticator:
          type: clientcert
          config:
            username_attribute: cn #optional, if omitted DN becomes username
          challenge: false
        authentication_backend:
          type: noop

This is the output of curl -k 'https://localhost:9200/_plugins/_security/authinfo?pretty'

{
  "user" : "User [name=CN=gustavo,OU=ME,O=ME,L=SANTIAGO,ST=RM,C=CL, backend_roles=[], requestedTenant=null]",
  "user_name" : "CN=gustavo,OU=ME,O=ME,L=SANTIAGO,ST=RM,C=CL",
  "user_requested_tenant" : null,
  "remote_address" : null,
  "backend_roles" : [ ],
  "custom_attribute_names" : [ ],
  "roles" : [
    "own_index",
    "all_access"
  ],
  "tenants" : {
    "global_tenant" : true,
    "admin_tenant" : true,
    "CN=gustavo,OU=ME,O=ME,L=SANTIAGO,ST=RM,C=CL" : true
  },
  "principal" : "CN=gustavo,OU=ME,O=ME,L=SANTIAGO,ST=RM,C=CL",
  "peer_certificates" : "1",
  "sso_logout_url" : null
}

“user_name” should be “gustavo” here.

Thanks

llermaly · September 6, 2022, 2:07am

Solved it.

Forgot to add http_enabled: true

Topic		Replies	Views
User Certifcation Security	1	453	May 24, 2021
Use SAN instead of CN as username_attribute for certificate based authentication Security	1	316	June 23, 2022
Userprincipalname opendistro Security	1	364	March 2, 2021
LDAP Authz for Group Membership Security	1	448	December 26, 2021
Authentication via LDAP, only allow certain security groups Security	4	984	February 16, 2023

Username_attribute not working for clientcert_auth_domain

Related Topics