Certificate Authentication Profile
Due to API limitations (as of version 3.2) a Certificate Authentication Profile can only be created and updated, but not deleted.
Location in GUI:
Administration » Identity Management » External Identity Sources » Certificate Authentication Profiles
Diagram
Classes
identity_management (ise)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| certificate_authentication_profiles | List | [certificate_authentication_profiles] | No |
certificate_authentication_profiles (ise.identity_management)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[\w\d_\-\.]+$ | Yes | |
| description | String | No | ||
| allowed_as_user_name | Boolean | true, false | No | false |
| match_mode | Choice | NEVER, RESOLVE_IDENTITY_AMBIGUITY, BINARY_COMPARISON | No | NEVER |
| username_from | Choice | CERTIFICATE, UPN | No | CERTIFICATE |
| certificate_attribute_name | Choice | SUBJECT_COMMON_NAME, SUBJECT_ALTERNATIVE_NAME, SUBJECT_SERIAL_NUMBER, SUBJECT, SUBJECT_ALTERNATIVE_NAME_OTHER_NAME, SUBJECT_ALTERNATIVE_NAME_EMAIL, SUBJECT_ALTERNATIVE_NAME_DNS | No | SUBJECT_COMMON_NAME |
| external_identity_store_name | String | No | [not applicable] |
Examples
ise:
identity_management:
certificate_authentication_profiles:
- name: Global_Certificate
description: Global_Certificate
certificate_attribute_name: SUBJECT_COMMON_NAME
allowed_as_user_name: false
match_mode: NEVER
username_from: CERTIFICATE