#6542 [RFE] Certificate Identity Mapping
Closed: fixed 5 years ago Opened 5 years ago by pvoborni.

FreeIPA already supports Smart Card authentication: the user provides a Smart Card containing a certificate and the user lookup is performed with a binary match of the whole certificate (see User Certificates).

The goal is to extend this feature to support the following cases:

  • the Smart Card contains multiple certificates. The administrator must be able to define Matching rules that will check which certificates are valid for authentication.
  • the Smart Card contains multiple certificates that are valid for authentication. The user must be able to select the certificate he wants to use for login.
  • the Certificate presented by the user is mapped to multiple accounts. The user must be able to disambiguate by providing a username.
  • the mapping between a Certificate and a user account can be done either through binary match of the whole certificate or a match on custom certificate attributes (such as Subject + Issuer).

Metadata Update from @pvoborni:
- Issue assigned to frenaud
- Issue set to the milestone: FreeIPA 4.5

5 years ago


  • 9e24918 Support for Certificate Identity Mapping

Metadata Update from @dkupka:
- Custom field affects_doc reset
- Custom field tester adjusted to wanted
- Issue close_status updated to: None

5 years ago

Metadata Update from @dkupka:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

5 years ago

Login to comment on this ticket.