- Property Manager name: Mutual Authentication
- Behavior version: The
v2024-10-21
rule format supports thedcpAuthVariableExtractor
behavior v1.0. - Rule format status: GA, stable
- Access: Read/Write
- Allowed in includes: No (temporarily)
The Internet of Things: Edge Connect product allows connected users and devices to communicate on a publish-subscribe basis within reserved namespaces. This behavior affects how clients can authenticate themselves to edge servers, and which groups within namespaces are authorized to access topics. When enabled, this behavior allows end users to authenticate their requests with valid x509 client certificates. Either a client identifier or access authorization groups are required to make the request valid.
The behavior extracts the value from the specified field in the client certificate and stores it as a variable for a client identifier or access authorization groups. You can then apply any of these behaviors to transform the value: dcpAuthHMACTransformation
, dcpAuthRegexTransformation
, or dcpAuthSubstringTransformation
.
Option | Type | Description | Requires | |
---|---|---|---|---|
certificateField | enum | Specifies the field in the client certificate to extract the variable from. | {"displayType":"enum","options":["SUBJECT_DN","V3_SUBJECT_ALT_NAME","SERIAL","FINGERPRINT_DYN","FINGERPRINT_MD5","FINGERPRINT_SHA1","V3_NETSCAPE_COMMENT"],"tag":"select"} | |
SUBJECT_DN | Subject distinguished name. | |||
V3_SUBJECT_ALT_NAME | Subject alternative name. | |||
SERIAL | Serial number. | |||
FINGERPRINT_DYN | The fingerprint hashed based on the algorithm that was used to generate the signature in the certificate. | |||
FINGERPRINT_MD5 | Fingerprint MD5. | |||
FINGERPRINT_SHA1 | Fingerprint SHA1. | |||
V3_NETSCAPE_COMMENT | An X.509 v3 certificate extension used to include comments inside certificates. | |||
dcpMutualAuthProcessingVariableId | enum | Where to store the value. | {"displayType":"enum","options":["VAR_DCP_CLIENT_ID","VAR_DCP_AUTH_GROUP"],"tag":"select"} | |
VAR_DCP_CLIENT_ID | Variable for the client ID. | |||
VAR_DCP_AUTH_GROUP | Variable for the access authorization groups. |