Variables for Certificate Validation Requests

Use the variables in this table in definitions associated with certificate validation requests. These variables represent data from the certificate validation request as well as the results of various operations performed during the certificate validation process. Refer to Variables for certificate validation requests on the Sterling External Authentication Server Documentation Library.

The following table lists the variables used in certificate validation requests:

Variable Description
Attr Root node representing the results of all attribute queries.
Cert Raw data of the end entity X.509 certificate received in the certificate validation request and the root node of all certificate variables, such as subject and issuer. This variable can be referenced in an attribute assertion statement to perform a binary compare of the certificate received in a request with the certificate returned from an attribute query.
ClientID Client ID in the request. This variable depends on the client application. For example, if the client application is Connect:Direct®, the client ID is the node name. If the client application is Secure Proxy, the client ID is the adapter name.
Exit Root node containing any output variables set by a custom exit.
Ext The X.509 V3 extensions of the end entity certificate, serving as the parent node of each extension variable. See Using X.509 Extensions for details.
ipAddress or IP IP address in the request, formatted in dotted decimal notation, with leading zeros omitted. Include this variable to use the IP address from the client application as an authentication factor. This variable is the parent node of the following:
  • v—Represents the IP version (either 4 or 6 in the request).
  • x—Hexadecimal representation of the IP address. For example, if IP = 10.20.30.40, then IP.x=0x0a141e28.
  • 0-3—Indices for individual nodes of the dotted decimal. For example, if IP = 10.20.30.40, then IP[0]=10, IP[1]=20, IP[2]=30, and IP[3]=40.
Issuer Certificate issuer field of the end entity certificate, serving as the parent node of the following issuer attribute variables:
  • CN—Common Name
  • L—Locality Name
  • ST—State or Province Name
  • O—Organization Name
  • OU—Organizational Unit Name
  • C—Country Name
  • STREET—Street Address
  • DC—Domain Component
  • UID—User ID
Subject Certificate subject field of the end entity certificate, serving as the parent node of the following subject attribute variables:
  • CN—Common Name
  • L—Locality Name
  • ST—State or Province Name
  • O—Organization Name
  • OU—Organizational Unit Name
  • C—Country Name
  • STREET—Street Address
  • DC—Domain Component
  • UID—User ID
ssl Variables associated with the SSL session the certificate validation request is authenticating. These variables include Server and Client.
  • Server—Indicates whether the certificate belongs to the server in the SSL session. Boolean variable set to true or false.
  • Client—Indicates whether the certificate belongs to the client in the SSL session. Boolean variable set to true or false.
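
The IP row above gives the address in three forms (normalized dotted decimal, hexadecimal, and per-node indices). The following is an added example, not code from the product or its documentation. It derives those values for a sample address so they can be checked before being used in a definition. The function name `ip_variables`, the dictionary keys (`IP.v` follows the `IP.x` notation in the table), and the decimal reading of leading zeros are assumptions of this sketch.

```python
import ipaddress


def ip_variables(raw):
    """Build the IP variable values described in the table for one address.

    Hypothetical helper: mirrors the documented forms, not the server's code.
    """
    text = raw.strip()
    if ":" in text:
        # IPv6: the table documents only the version value for this case,
        # so no IP.x or index values are produced here.
        return {"IP": str(ipaddress.IPv6Address(text)), "IP.v": 6}

    parts = text.split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a dotted decimal IPv4 address: {raw!r}")

    # Assumption: leading zeros are read as decimal ("010" -> 10), never octal.
    octets = [int(p, 10) for p in parts]
    if any(o > 255 for o in octets):
        raise ValueError(f"node out of range in {raw!r}")

    variables = {
        "IP": ".".join(str(o) for o in octets),  # leading zeros omitted
        "IP.v": 4,
        "IP.x": "0x" + bytes(octets).hex(),      # four nodes as eight hex digits
    }
    for index, octet in enumerate(octets):
        variables[f"IP[{index}]"] = str(octet)
    return variables


def same_address(a, b):
    """Compare two addresses by normalized form rather than raw text."""
    return ip_variables(a)["IP"] == ip_variables(b)["IP"]


if __name__ == "__main__":
    # Constructed sample input: the address used in the table, zero-padded.
    for name, value in ip_variables("010.020.030.040").items():
        print(f"{name} = {value}")
```

Comparing on the normalized form matters when the address is an authentication factor: a policy value typed with padded nodes would otherwise never match the value in the request.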