3 replies Latest Post - ‏2014-04-03T17:39:54Z by sgb90
sgb90
108 Posts

Pinned topic Getting certificates from LDAP

‏2013-09-11T14:32:06Z |

Hi everyone,

I am performing authentication using certificates.

A SOAP client request contains a <wsse:BinarySecurityToken> element with a certificate's Base64 encoding besides a UsernameToken element. Based on that user, I can obtain through an LDAP search the Base64 encoding of the certificate associated with him as a binary.

Which is the best way to validate the certificate given by the client in the SOAP request with that other Base64 encoding obtained from the LDAP search? (I am using an XSLT stylesheet)

Regards,

Sebastian

Updated on 2013-09-11T14:32:57Z by sgb90
  • sgb90
    108 Posts

    Re: Getting certificates from LDAP

    ‏2013-09-12T15:00:08Z  in response to sgb90

    Bump.

    Additional Info: That base64 comes as a binary, so I should be comparing a string against it. Any ideas or suggestions?

    Regards,

    Sebastian

  • akondeti
    48 Posts

    Re: Getting certificates from LDAP

    ‏2014-04-03T12:41:07Z  in response to sgb90

    Hello Sebastian,

    I am also looking at a similar scenario, where the certificate subject name is sent through the SOAP UI and it should be validated against the certificate that is stored in the LDAP server and authenticated.

    But I am facing some issues in DataPower with the LDAP configuration.

    Can you please help me with this?

    Regards,

    Annapurna Kondeti.


    • sgb90
      108 Posts

      Re: Getting certificates from LDAP

      ‏2014-04-03T17:39:54Z  in response to akondeti

      Hi Annapurna,

      I remember I was finally able to achieve this but the customer's requirement involved getting the certificate through the User ID and not the certificate subject name. The difference is that our SOAP UI message came already with a certificate as a base64 string in order to compare it with the one stored in OID. I guess that if you store that certificate under a cn named after its subject name you should be able to retrieve the certificate saved as an attribute on your LDAP.

      Regards,

      Sebastian
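
One way to do the comparison asked about in this thread, shown as an added Python example (not code from any poster and not DataPower XSLT): decode both values to DER bytes first, so that line wrapping, PEM armor, or the directory returning raw binary instead of Base64 cannot cause a false mismatch. The function names and the sample bytes are assumptions made for this example; the sample is a constructed placeholder, not a real certificate.

```python
import base64
import binascii
import hashlib
import hmac
import re

PEM_ARMOR = re.compile(r"-----(?:BEGIN|END) CERTIFICATE-----")


def to_der(value):
    """Normalize a certificate value to DER bytes.

    Accepts raw DER bytes (e.g. an LDAP userCertificate;binary value) or
    Base64 text/bytes with optional PEM armor and arbitrary line wrapping.
    """
    if isinstance(value, bytes):
        if value[:1] == b"\x30":          # already DER: ASN.1 SEQUENCE tag
            return value
        value = value.decode("ascii")     # Base64 delivered as bytes
    text = "".join(PEM_ARMOR.sub("", value).split())
    try:
        der = base64.b64decode(text, validate=True)
    except binascii.Error as exc:
        raise ValueError("value is not valid Base64") from exc
    if der[:1] != b"\x30":
        raise ValueError("decoded value is not a DER SEQUENCE")
    return der


def same_certificate(token_value, ldap_value):
    """True only if both values encode byte-identical DER certificates."""
    a = hashlib.sha256(to_der(token_value)).digest()
    b = hashlib.sha256(to_der(ldap_value)).digest()
    return hmac.compare_digest(a, b)


# Constructed placeholder blob with a DER SEQUENCE header, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x0a" + bytes(range(256)) + bytes(10)
# Same bytes as a client might send them: Base64 wrapped at 76 columns.
SAMPLE_TOKEN = base64.encodebytes(SAMPLE_DER).decode("ascii")

if __name__ == "__main__":
    print(same_certificate(SAMPLE_TOKEN, SAMPLE_DER))                 # raw LDAP bytes
    print(same_certificate(SAMPLE_TOKEN, SAMPLE_DER[:-1] + b"\x01"))  # different bytes
```

A match only shows that the presented certificate is the one on file for that user. Proof that the sender holds the private key has to come from verifying the message signature made with that certificate.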