jase_40648
May 12, 2009Nimbostratus
Custom Certificate Checks
Hello. We are trying to do some custom checks for a protected configuration. Specifically, we want to verify that not only did the client give a valid certificate, but that their email address in the certificate is appropriate for the user.
For this protected configuration, all users should have a certificate email in the form of username@COMPANY.COM.
I've tried things such as
session.ssl.cert.email == session.user.username+"@COMPANY.COM"
as well as various combinations of surrounding the variables with '%'. I've dumped the session variables and see that they do exist. And I've successfully checked for a specific user with
session.user.username == "SPECIFIC_USER"
and I've also successfully checked for a specific email address with
session.ssl.cert.email == SPECIFIC_USER@COMPANY.COM"
so I know that the variables exist. Is there a way to do the custom check I am trying to accomplish?