Certificate Authentication Profile
Due to API limitations (as of version 3.2) a Certificate Authentication Profile can only be created and updated, but not deleted.
Location in GUI: Administration » Identity Management » External Identity Sources » Certificate Authentication Profiles
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”identity_management (ise)
Section titled “identity_management (ise)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| certificate_authentication_profiles | List | [certificate_authentication_profiles] | No |
certificate_authentication_profiles (ise.identity_management)
Section titled “certificate_authentication_profiles (ise.identity_management)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[\w\d_\-\.]+$ | Yes | |
| description | String | No | ||
| allowed_as_user_name | Boolean | true, false | No | false |
| match_mode | Choice | NEVER, RESOLVE_IDENTITY_AMBIGUITY, BINARY_COMPARISON | No | NEVER |
| username_from | Choice | CERTIFICATE, UPN | No | CERTIFICATE |
| certificate_attribute_name | Choice | SUBJECT_COMMON_NAME, SUBJECT_ALTERNATIVE_NAME, SUBJECT_SERIAL_NUMBER, SUBJECT, SUBJECT_ALTERNATIVE_NAME_OTHER_NAME, SUBJECT_ALTERNATIVE_NAME_EMAIL, SUBJECT_ALTERNATIVE_NAME_DNS | No | SUBJECT_COMMON_NAME |
| external_identity_store_name | String | No | [not applicable] |
Examples
Section titled “Examples”ise: identity_management: certificate_authentication_profiles: - name: Global_Certificate description: Global_Certificate certificate_attribute_name: SUBJECT_COMMON_NAME allowed_as_user_name: false match_mode: NEVER username_from: CERTIFICATE