UAG Cert AuthN using SubjectCN with bad data in the CN

Hopefully someone can shed some light on our situation: We are deploying UAG (yes, we will move to WAP down the road; this project was in the pipeline already!) using SSL for client AuthN. The problem is bad PKI directory data and the way the user certificates are cut. Unfortunately it's not an option to change this. We are using SubjectCN right now, although in the SAN field there is the RFC822 populated with the email address. But for now we went down the SubjectCN route.

Setup is like this:

SubjectCN = lastname firstname username

So we created the shadow accounts using that format for the CN and UPN attributes on the shadow accounts (CN = lastname firstname username and UPN = lastname firstname username@domain.ib).

When the users try to log into UAG, it pulls the SubjectCN and then queries AD with that value against the samaccount name and/or UPN, which with the spaces is a no go, I'm guessing.

But for some users UAG rolls over to use the CSolver:CrackADUserName Solver and changes the user name value to <domain>/lastname firstname username, which seems to work for some users but not all users.

This is driving us nuts!


Thanks!!
March 28th, 2014 2:22pm
