dcpAuthVariableExtractor


The Internet of Things: Edge Connect product allows connected users and devices to communicate on a publish-subscribe basis within reserved namespaces. This behavior affects how clients can authenticate themselves to edge servers, and which groups within namespaces are authorized to access topics. When enabled, this behavior allows end users to authenticate their requests with valid x509 client certificates. Either a client identifier or access authorization groups are required to make the request valid.

The behavior extracts the value from the specified field in the client certificate and stores it as a variable for a client identifier or access authorization groups. You can then apply any of these behaviors to transform the value: dcp‚ÄčAuth‚ÄčHMACTransformation, dcp‚ÄčAuth‚ÄčRegex‚ÄčTransformation, or dcp‚ÄčAuth‚ÄčSubstring‚ÄčTransformation.

OptionTypeDescriptionRequires
certificate‚ÄčFieldenum

Specifies the field in the client certificate to extract the variable from.

{"displayType":"enum","options":["SUBJECT_DN","V3_SUBJECT_ALT_NAME","SERIAL","FINGERPRINT_DYN","FINGERPRINT_MD5","FINGERPRINT_SHA1","V3_NETSCAPE_COMMENT"],"tag":"select"}
SUBJECT_‚ÄčDN

Subject distinguished name.

V3_SUBJECT_‚ÄčALT_‚ÄčNAME

Subject alternative name.

SERIAL

Serial number.

FINGERPRINT_‚ÄčDYN

The fingerprint hashed based on the algorithm that was used to generate the signature in the certificate.

FINGERPRINT_‚ÄčMD5

Fingerprint MD5.

FINGERPRINT_‚ÄčSHA1

Fingerprint SHA1.

V3_NETSCAPE_‚ÄčCOMMENT

An X.‚Äč509 v3 certificate extension used to include comments inside certificates.

dcp‚ÄčMutual‚ÄčAuth‚ÄčProcessing‚ÄčVariable‚ÄčIdenum

Where to store the value.

{"displayType":"enum","options":["VAR_DCP_CLIENT_ID","VAR_DCP_AUTH_GROUP"],"tag":"select"}
VAR_‚ÄčDCP_‚ÄčCLIENT_‚ÄčID

Variable for the client ID.

VAR_‚ÄčDCP_‚ÄčAUTH_‚ÄčGROUP

Variable for the access authorization groups.