Thanks for the suggestion. I had already tried creating some advanced session variables, and using those too, but I was not successful. I just tried it again too, but still can't get it to work. I created the following session variables:
myemail: session.user.username+"@COMPANY.com"
certuser: REGEX(session.ssl.cert.email, "|(.*)@COMPANY.com|")
Testing both variables using the Save and Test button give proper output. Then I created a custom check for a protected configuration. Specifically, I did the custom check in the Information Leaks section. I've tried various combinations of the following:
session.ssl.cert.email == "%session.asv.myemail%"
session.ssl.cert.email == %session.asv.myemail%
session.user.username == "%session.avs.certuser%"
session.user.username == %session.avs.certuser%
But none of those work. I always get a System Warning, and don't get access to the protected resource. If I remove the custom check, I can get access.
I think either I must be doing something wrong, or this simply is not supported. Any ideas? Thanks in advance!