...

Often, users want to extract one of the fields (e.g., CN) as the principal name. Currently, customizing
the SSL username requires a custom principal builder class. Built-in SSL principal builder
configs/rules that allow the SSL principal name to be customized would be useful.

Public Interfaces

Option 1:

Add new configuration parameter pair of the form:

...

For the pattern portion of the pairing, regular expression syntax is used to parse the original identity into components.
The value portion of the pairing uses these parsed components in variable substitution format to build the translated version of the identity.

In the above example, we only want to extract the CN part of the Subject and use it as the principal name of the client.
For the distinguished name "CN=userName, OU=OrgUnit, DC=Company", the above pattern returns "userName" as the principal name.

This is a simple option and handles most of the common use cases.
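
As an added illustration (not code from the original page or from the project), the following Python sketch applies a pattern/value pair to a subject DN. The pattern, the `$N` reference syntax in the value, the whole-string match and the fallback to the unchanged DN are assumptions, since the page elides the actual parameters.

```python
import re

# Hypothetical pattern/value pair; the page does not show the real parameters.
PATTERN = r"CN=([^,]+),.*"   # first capture group = CN of a DN that starts with CN
VALUE = "$1"                 # assumed "$N" variable-substitution syntax


def map_principal(dn, pattern=PATTERN, value=VALUE):
    """Translate an SSL subject DN into a principal name.

    The pattern has to match the *entire* DN. If it does not, the DN is
    returned unchanged (assumed fallback), so a certificate that does not
    fit the rule keeps its full identity instead of a partial one.
    """
    m = re.fullmatch(pattern, dn)
    if m is None:
        return dn

    # Replace $1, $2, ... in the value with the parsed components.
    def component(ref):
        return m.group(int(ref.group(1))) or ""

    return re.sub(r"\$(\d+)", component, value)


if __name__ == "__main__":
    # Constructed sample DNs.
    samples = [
        "CN=userName, OU=OrgUnit, DC=Company",  # the page's example
        "OU=OrgUnit, DC=Company",               # no CN: falls back to full DN
        "OU=CN=admin, DC=Company",              # "CN=" inside another field
    ]
    for dn in samples:
        print(f"{dn!r} -> {map_principal(dn)!r}")

    # Two components combined in the value portion.
    print(map_principal(samples[0], r"CN=([^,]+), OU=([^,]+),.*", "$1@$2"))
```

Matching the whole DN rather than searching for `CN=` anywhere in it keeps text inside another attribute from being picked up as the principal name.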

Option 2:

Similar to SASL Kerberos principal rules, we can have a list of SSL principal mapping rules.

...