'wso2mi 4.1 - Get CN from an X509 certificate for XACML subject-id

I followed applying security to a proxy service article. My problem is that in the XACML request the subject-id property value is an LDAP query "CN=localhost, OU=WSO2, O=WSO2, L=Mountain View, ST=CA, C=US". what should I do to just commonName (CN) value become subject-id?

My entitlement mediator:

<entitlementService 
 callbackClass="org.wso2.micro.integrator.identity.entitlement.mediator.callback.X509EntitlementCallbackHandler"
 remoteServiceUrl=" https://testdomain.org:9444/services/" 
 client="basicAuth" 
 remoteServicePassword="admin" 
 remoteServiceUserName="admin">

XACML request that entitlement mediator made:

<Request xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" CombinedDecision="false" ReturnPolicyIdList="false">
<Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
<Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" IncludeInResult="false">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">
CN=localhost, OU=WSO2, O=WSO2, L=Mountain View, ST=CA, C=US
</AttributeValue></Attribute></Attributes>
<Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
<Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" IncludeInResult="false">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">
read
</AttributeValue></Attribute></Attributes>
<Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
<Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" IncludeInResult="false">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">
/services/SecureProxy/createUser
</AttributeValue></Attribute></Attributes>
<Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment">
<Attribute AttributeId="IssuerDN" IncludeInResult="false">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">
CN=localhost, OU=WSO2, O=WSO2, L=Mountain View, ST=CA, C=US
</AttributeValue></Attribute>
<Attribute AttributeId="SignatureAlgorithm" IncludeInResult="false">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">
SHA256withRSA
</AttributeValue></Attribute></Attributes></Request>

WSO2 Micro Integrator 4.1, Identity Server 5.11, and SoapUI 5.7.0.

wso2wso2isx509wso2mi


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

First API with WSO2 APIM 4.0.0, creation seem fine but HTTP 404 when trying to call API

wso2 identity server startup error v 5.11.0 windows 10

WSO2 Private PaaS on AWS EC2 doesn't complete the installation

How do i use wso2 dblookup mediator with mysql? i tried this code on micro integrator

Install WSO2 ESB and Api Manager server in one server

Info required regarding Security+Advisory+WSO2-2021-1603

Ballerina Swan Lake an IDEs. How to get sequence diagrams

WSO2 IS 5.10 - User Portal application missing in service provider list

WSO2 IdendityServer throwing ThreadDeath Exception

The endpoint reference (EPR) for the Operation not found in WSO2 EI 6.6

npm run Build:dev error when doing Advance UI Customization

WSO2 Micro Integrator - DBReport Mediator Return Generated Keys

To Merge CSV Files in WSO2 EI 6.6.0 using file connector 2.0.24

WSO2 Api Manager(wso2am-4.0.0) - Is the default token endpoint changed in wso2am-4.0.0?

How can I add users into a wso2 Identity server tenant via Rest APIs?