[Feature Request] In client certificate authentication, add an option to extract the Principal from cert fields other than DN
Is your feature request related to a problem? Please describe
In client-cert-based authentication, the Principal is extracted from the certificate DN (Distinguished Name).
In some situations, we would like to extract the Principal from SAN fields, for example SAN.EMAIL.
The same goes for backend roles.
Describe the solution you'd like
Allow the operator to configure OS to instruct it where to find the Principal and roles information, either from DN or SAN fields.
Related component
Plugins
Describe alternatives you've considered
No response
Additional context
This is part of the Security Plugin.
@opensearch-project/triage Can this be transferred to the security repo?
Can you please assign this to me after triage?
[Triage] Thank you for filing this issue @laminelam! We would gladly accept a PR for this issue. Let me know if you need any code pointers for where to locate this logic or testing practices in this codebase.
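The selection logic requested in this issue, sketched as an added example in Go. It is not code from the Security Plugin (which is Java) or from anyone in this thread. The `source` values `"dn"` and `"san_email"`, the function names and the in-memory sample certificate are assumptions made for illustration, and the certificate is assumed to have already passed chain validation.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// ExtractPrincipal maps a chain-validated client cert to a user name; source is a hypothetical setting.
func ExtractPrincipal(cert *x509.Certificate, source string) (string, error) {
	switch {
	case source == "dn": // behaviour described in the issue: principal is the subject DN
		return cert.Subject.String(), nil
	case source != "san_email":
		return "", fmt.Errorf("unknown principal source %q", source)
	case len(cert.EmailAddresses) != 1:
		// Refuse ambiguous certificates instead of silently picking one SAN entry.
		return "", fmt.Errorf("want exactly 1 SAN email, got %d", len(cert.EmailAddresses))
	}
	return cert.EmailAddresses[0], nil
}

// SampleCert builds a constructed, self-signed certificate in memory (sample data only).
func SampleCert(emails ...string) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:   big.NewInt(1),
		Subject:        pkix.Name{CommonName: "kirk", Organization: []string{"Example"}},
		NotBefore:      time.Now().Add(-time.Hour),
		NotAfter:       time.Now().Add(time.Hour),
		EmailAddresses: emails, // becomes rfc822Name entries in the SAN extension
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	cert, _ := SampleCert("kirk@example.com")
	fmt.Println(ExtractPrincipal(cert, "san_email"))
}
```

Failing closed on zero or multiple SAN emails keeps the certificate-to-user mapping deterministic, so role mappings keyed on the principal cannot depend on SAN entry order.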