cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2093
Views
5
Helpful
0
Replies

DAP certificate check

GoncaloContente
Level 1
Level 1

Hi,

I am trying to configure a DAP policy that checks for the subject.cn and issuer.cn of a certificate, i can see from the debug logs in ASA that the hostscan is able to retrieve this information and pass to ASA (please correct me if i am wrong)

...

DAP_TRACE: endpoint.certificate.user["1"].subject_fulldn = "C=US, S=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation"
DAP_TRACE[128]: dap_install_endpoint_data_to_lua:endpoint.certificate.user["1"].subject_cn="Microsoft Corporation"
DAP_TRACE: endpoint.certificate.user["1"].subject_cn = "Microsoft Corporation"

...

DAP_TRACE[128]: dap_install_endpoint_data_to_lua:endpoint.certificate.user["1"].issuer_o="Microsoft Corporation"
DAP_TRACE: endpoint.certificate.user["1"].issuer_o = "Microsoft Corporation"

...

But for some reason the DAP policy is falling in the default policy when i test it.

Cap.PNG

Since in my deployment i am authenticating users via SAML i wonder if this DAP feature is only available when authentication is done via certificate. Could anyone help me understand why is falling in the default DAP policy?

 

Cheers 

0 Replies 0