11-05-2019 08:21 AM - edited 11-05-2019 01:36 PM
Hi,
I am trying to configure a DAP policy that checks for the subject.cn and issuer.cn of a certificate. I can see from the debug logs in ASA that the hostscan is able to retrieve this information and pass it to ASA (please correct me if I am wrong).
...
DAP_TRACE: endpoint.certificate.user["1"].subject_fulldn = "C=US, S=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation"
DAP_TRACE[128]: dap_install_endpoint_data_to_lua:endpoint.certificate.user["1"].subject_cn="Microsoft Corporation"
DAP_TRACE: endpoint.certificate.user["1"].subject_cn = "Microsoft Corporation"
...
DAP_TRACE[128]: dap_install_endpoint_data_to_lua:endpoint.certificate.user["1"].issuer_o="Microsoft Corporation"
DAP_TRACE: endpoint.certificate.user["1"].issuer_o = "Microsoft Corporation"
...
But for some reason the DAP policy is falling in the default policy when I test it.
Since in my deployment I am authenticating users via SAML, I wonder if this DAP feature is only available when authentication is done via certificate. Could anyone help me understand why it is falling in the default DAP policy?
Cheers