GuideReference
TrainingSupportCommunity

dcp_​auth_​variable_​extractor


The Internet of Things: Edge Connect product allows connected users and devices to communicate on a publish-subscribe basis within reserved namespaces. This behavior affects how clients can authenticate themselves to edge servers, and which groups within namespaces are authorized to access topics. When enabled, this behavior allows end users to authenticate their requests with valid x509 client certificates. Either a client identifier or access authorization groups are required to make the request valid.

The behavior extracts the value from the specified field in the client certificate and stores it as a variable for a client identifier or access authorization groups. You can then apply any of these behaviors to transform the value: dcp​_auth​_hmactransformation, dcp​_auth​_regex​_transformation, or dcp​_auth​_substring​_transformation.

OptionTypeDescriptionRequires
certificate_​fieldenum

Specifies the field in the client certificate to extract the variable from.

{"displayType":"enum","options":["SUBJECT_DN","V3_SUBJECT_ALT_NAME","SERIAL","FINGERPRINT_DYN","FINGERPRINT_MD5","FINGERPRINT_SHA1","V3_NETSCAPE_COMMENT"],"tag":"select"}
SUBJECT_​DN

Subject distinguished name.

V3_SUBJECT_​ALT_​NAME

Subject alternative name.

SERIAL

Serial number.

FINGERPRINT_​DYN

The fingerprint hashed based on the algorithm that was used to generate the signature in the certificate.

FINGERPRINT_​MD5

Fingerprint MD5.

FINGERPRINT_​SHA1

Fingerprint SHA1.

V3_NETSCAPE_​COMMENT

An X.​509 v3 certificate extension used to include comments inside certificates.

dcp_​mutual_​auth_​processing_​variable_​idenum

Where to store the value.

{"displayType":"enum","options":["VAR_DCP_CLIENT_ID","VAR_DCP_AUTH_GROUP"],"tag":"select"}
VAR_​DCP_​CLIENT_​ID

Variable for the client ID.

VAR_​DCP_​AUTH_​GROUP

Variable for the access authorization groups.