
DAP certificate check

GoncaloContente
Level 1

Hi,

I am trying to configure a DAP policy that checks for the subject.cn and issuer.cn of a certificate. I can see from the debug logs in ASA that the hostscan is able to retrieve this information and pass it to ASA (please correct me if I am wrong).

...

DAP_TRACE: endpoint.certificate.user["1"].subject_fulldn = "C=US, S=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation"
DAP_TRACE[128]: dap_install_endpoint_data_to_lua:endpoint.certificate.user["1"].subject_cn="Microsoft Corporation"
DAP_TRACE: endpoint.certificate.user["1"].subject_cn = "Microsoft Corporation"

...

DAP_TRACE[128]: dap_install_endpoint_data_to_lua:endpoint.certificate.user["1"].issuer_o="Microsoft Corporation"
DAP_TRACE: endpoint.certificate.user["1"].issuer_o = "Microsoft Corporation"

...

But for some reason the DAP policy is falling in the default policy when I test it.


Since in my deployment I am authenticating users via SAML, I wonder if this DAP feature is only available when authentication is done via certificate. Could anyone help me understand why it is falling in the default DAP policy?

 

Cheers 
