I’m trying to log in using client certificates and I can make it work using the DN even if I set username_attribute to cn.
clientcert_auth_domain:
  description: "Authenticate via SSL client certificates"
  http_enabled: false
  transport_enabled: false
  order: 2
  http_authenticator:
    type: clientcert
    config:
      username_attribute: cn #optional, if omitted DN becomes username
    challenge: false
  authentication_backend:
    type: noop
This is the output of curl -k 'https://localhost:9200/_plugins/_security/authinfo?pretty'
{
  "user" : "User [name=CN=gustavo,OU=ME,O=ME,L=SANTIAGO,ST=RM,C=CL, backend_roles=[], requestedTenant=null]",
  "user_name" : "CN=gustavo,OU=ME,O=ME,L=SANTIAGO,ST=RM,C=CL",
  "user_requested_tenant" : null,
  "remote_address" : null,
  "backend_roles" : [ ],
  "custom_attribute_names" : [ ],
  "roles" : [
    "own_index",
    "all_access"
  ],
  "tenants" : {
    "global_tenant" : true,
    "admin_tenant" : true,
    "CN=gustavo,OU=ME,O=ME,L=SANTIAGO,ST=RM,C=CL" : true
  },
  "principal" : "CN=gustavo,OU=ME,O=ME,L=SANTIAGO,ST=RM,C=CL",
  "peer_certificates" : "1",
  "sso_logout_url" : null
}
“user_name” should be “gustavo” here.
Thanks