
dcp_auth_variable_extractor

  • Property Manager name: Mutual Authentication
  • Behavior version: The v2023-01-05 rule format supports the dcp_auth_variable_extractor behavior v1.0.
  • Rule format status: GA, stable
  • Access: Read/Write
  • Allowed in includes: No (temporarily)

The Internet of Things: Edge Connect product allows connected users and devices to communicate on a publish-subscribe basis within reserved namespaces. This behavior affects how clients can authenticate themselves to edge servers, and which groups within namespaces are authorized to access topics. When enabled, this behavior allows end users to authenticate their requests with valid X.509 client certificates. Either a client identifier or access authorization groups are required to make the request valid.

The behavior extracts the value from the specified field in the client certificate and stores it as a variable for a client identifier or access authorization groups. You can then apply any of these behaviors to transform the value: dcp_auth_hmactransformation, dcp_auth_regex_transformation, or dcp_auth_substring_transformation.

Option: certificate_field
Type: enum
Description: Specifies the field in the client certificate to extract the variable from.
Values:

  • SUBJECT_DN: Subject distinguished name.
  • V3_SUBJECT_ALT_NAME: Subject alternative name.
  • SERIAL: Serial number.
  • FINGERPRINT_DYN: The fingerprint hashed based on the algorithm that was used to generate the signature in the certificate.
  • FINGERPRINT_MD5: Fingerprint MD5.
  • FINGERPRINT_SHA1: Fingerprint SHA1.
  • V3_NETSCAPE_COMMENT: An X.509 v3 certificate extension used to include comments inside certificates.

Option: dcp_mutual_auth_processing_variable_id
Type: enum
Description: Where to store the value.
Values:

  • VAR_DCP_CLIENT_ID: Variable for the client ID.
  • VAR_DCP_AUTH_GROUP: Variable for the access authorization groups.
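
To see which certificate values the certificate_field options above refer to before choosing one, the following added example (not part of the product documentation) prints each with the openssl CLI from a constructed self-signed certificate. The helper names are hypothetical, OpenSSL 1.1.1 or later is assumed, and the output is OpenSSL's rendering: the page does not state how the edge server formats the extracted value.

```shell
#!/bin/sh
# Added example (not from the product documentation): show the certificate
# value behind each certificate_field option, using the openssl CLI.
# Helper names and the sample certificate are constructed for illustration.

# make_sample_cert DIR: write a self-signed sample client certificate to DIR.
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -set_serial 4660 \
    -keyout "$1/key.pem" -out "$1/cert.pem" \
    -subj "/O=Example/OU=sensors/CN=device-001" \
    -addext "subjectAltName=URI:urn:example:device-001" \
    -addext "nsComment=group-a" 2>/dev/null
}

# sig_digest CERT: digest named in the signature algorithm, e.g. sha256.
# Prints nothing for algorithms that name no SHA digest (for example Ed25519).
sig_digest() {
  openssl x509 -in "$1" -noout -text |
    sed -n 's/^ *Signature Algorithm: .*[Ss][Hh][Aa]\([0-9][0-9]*\).*/sha\1/p' |
    head -n 1
}

# fp CERT DIGEST: certificate fingerprint (hash of the DER encoding).
fp() { openssl x509 -in "$1" -noout -fingerprint "-$2" | cut -d= -f2; }

# ext CERT NAME: value line of one X.509 v3 extension.
ext() { openssl x509 -in "$1" -noout -ext "$2" | sed -n '2s/^ *//p'; }

# cert_field OPTION CERT: value that the given certificate_field option names.
cert_field() {
  case "$1" in
    SUBJECT_DN) openssl x509 -in "$2" -noout -nameopt RFC2253 -subject |
                  sed 's/^subject= *//' ;;
    V3_SUBJECT_ALT_NAME) ext "$2" subjectAltName ;;
    V3_NETSCAPE_COMMENT) ext "$2" nsComment ;;
    SERIAL)              openssl x509 -in "$2" -noout -serial | cut -d= -f2 ;;
    FINGERPRINT_MD5)     fp "$2" md5 ;;
    FINGERPRINT_SHA1)    fp "$2" sha1 ;;
    FINGERPRINT_DYN)     fp "$2" "$(sig_digest "$2")" ;;
    *) echo "unknown certificate_field: $1" >&2; return 1 ;;
  esac
}

# Usage: d=$(mktemp -d); make_sample_cert "$d"; cert_field FINGERPRINT_DYN "$d/cert.pem"
```

For the sample certificate, FINGERPRINT_DYN resolves to the SHA-256 fingerprint because the certificate is signed with sha256WithRSAEncryption; a certificate signed with a different digest yields a different fingerprint for the same option.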