eai-data
Use the eai-data stanza entry to specify which client certificate data elements are passed to the external authentication interface (EAI) application by WebSEAL.
Syntax
eai-data = data:header_nameDescription
The client certificate data elements that will be passed to the EAI application. Multiple pieces of client certificate data can be passed to the EAI application by including multiple eai-data configuration entries.
Options
header_name- Used to indicate the name of the HTTP header which will contain the data.
data- Used
to indicate the data that will be included in the header.
It should be one of the following:
- AlternativeDirectoryName
- AlternativeDNSName
- AlternativeIPAddress
- AlternativeURI
- AlternativeEmail
- Base64Certificate
- SerialNumber
- SubjectCN
- SubjectLocality
- SubjectState
- SubjectCountry
- SubjectOrganization
- SubjectOrganizationalUnit
- SubjectDN
- SubjectPostalCode
- SubjectEmail
- SubjectUniqueID
- IssuerCN
- IssuerLocality
- IssuerState
- IssuerCountry
- IssuerOrganization
- IssuerOrganizationUnit
- IssuerDN
- IssuerPostalCode
- IssuerEmail
- IssuerUniqueID
- Version
- SignatureAlgorithm
- ValidFrom
- ValidFromEx
- ValidTo
- ValidToEx
- PublicKeyAlgorithm
- PublicKey
- PublicKeySize
- FingerprintAlgorithm
- Fingerprint
Usage
This stanza entry is required for EAI based client certificate authentication.
Default value
no
Example
eai-data = SubjectCN:eai-cn
eai-data = SubjectDN:eai-dn