The following CA Top Secret command examples are based on the tree directory structure.
Examples: certificate name filters
In this example, users enter the system with a certificate subject that starts with:
OU=NJ.OU=Sales.O=ABC Co
These users are assigned ACID NJDEPT1 if the certificate was issued by the VeriSign certificate authority. If the subject matched but the certificate was issued by another certificate authority, the user is assigned ACID NJDFLT.
TSS ADD(NJDEPT1) CERTMAP(NJMAP1)
LABLCMAP('NJ Dept 1 Map')
TRUST
IDNFILTR('OU=VeriSign Class 1 Individual
Subscriber.O=VeriSign, Inc.L=Internet')
SDNFILTR('OU=NJ.OU=Sales.O=ABC Co')
TSS ADD(NJDFLT) CERTMAP(NJDFLT)
LABLCMAP('NJ Default user')
TRUST
SDNFILTR('OU=NJ.OU=Sales.O=ABC Co')
In this example, users enter the system with a certificate subject that starts with:
OU=Dept3.OU=NY.OU=Sales.O=ABC Co
These users are assigned ACID NYDEPT3.
TSS ADD(NYDEPT3) CERTMAP(NYMAP3)
LABLCMAP('NY Dept 3 Map')
TRUST
SDNFILTR('OU=Dept3.OU=NY.OU=Sales.O=ABC Co')
In this example, additional criteria (in this case, application ID) decide which ACID to assign. Users in NY sales department Dept2 who handle corporate accounts (they use application BUSINESS to access the system) are assigned ACID NYDEPT2B, and users who handle retail accounts (they use application RETAIL to access the system) are assigned ACID NYDEPT2R.
The special ACID name MULTIID, together with the CRITERIA parameter, tells CA Top Secret that, if the subject and/or issuer name information matches, it must search the CRITMAP records for a match on application name before assigning an ACID to the user.
TSS ADD(MULTIID) CERTMAP(NYMAP2)
LABLCMAP('NY Dept 2 Map')
TRUST
SDNFILTR('OU=Dept2.OU=NY.OU=Sales.O=ABC Co')
CRITERIA(CNFAPP=&CNFAPP)
TSS ADD(NYDEPT2B) CRITMAP(NYCRIT2B)
CNFAPP(BUSINESS)
TSS ADD(NYDEPT2R) CRITMAP(NYCRIT2R)
CNFAPP(RETAIL)
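The three examples above can be checked together with a small model of the mapping decision. This is an added example, not CA Top Secret code or part of the original page; the prefix comparison, the rule that a mapping with an issuer filter wins over a subject-only mapping, the function name resolve_acid and the sample issuer "O=Example Other CA" are assumptions made for illustration.

```python
# Added illustration: a simplified model of the CERTMAP/CRITMAP examples above.
# Assumptions: filters are compared as plain string prefixes (following the
# page's "starts with" wording), and a mapping that also has an issuer filter
# wins over a subject-only mapping. Neither is taken from product internals.

VERISIGN = ("OU=VeriSign Class 1 Individual Subscriber."
            "O=VeriSign, Inc.L=Internet")

# (ACID, SDNFILTR value, IDNFILTR value or None), copied from the commands.
CERTMAPS = [
    ("NJDEPT1", "OU=NJ.OU=Sales.O=ABC Co", VERISIGN),
    ("NJDFLT", "OU=NJ.OU=Sales.O=ABC Co", None),
    ("NYDEPT3", "OU=Dept3.OU=NY.OU=Sales.O=ABC Co", None),
    ("MULTIID", "OU=Dept2.OU=NY.OU=Sales.O=ABC Co", None),
]

# CRITMAP records: CNFAPP value -> ACID, consulted only for MULTIID.
CRITMAPS = {"BUSINESS": "NYDEPT2B", "RETAIL": "NYDEPT2R"}


def resolve_acid(subject, issuer, app=None):
    """Return the ACID this model assigns, or None when nothing matches."""
    best = None
    for acid, sdn, idn in CERTMAPS:
        if not subject.startswith(sdn):
            continue
        if idn is not None and not issuer.startswith(idn):
            continue
        # Rank: issuer filter present first, then longer subject filter.
        rank = (idn is not None, len(sdn))
        if best is None or rank > best[0]:
            best = (rank, acid)
    if best is None:
        return None
    if best[1] == "MULTIID":
        # No CRITMAP for this application: the model assigns no ACID
        # (assumption; the page does not describe this case).
        return CRITMAPS.get(app)
    return best[1]


if __name__ == "__main__":
    # Constructed sample certificates (subject, issuer, application).
    for cert in [
        ("OU=NJ.OU=Sales.O=ABC Co", VERISIGN, None),
        ("OU=NJ.OU=Sales.O=ABC Co", "O=Example Other CA", None),
        ("OU=Dept2.OU=NY.OU=Sales.O=ABC Co", "O=Example Other CA", "RETAIL"),
    ]:
        print(cert[0], "->", resolve_acid(*cert))
```

Running such a model over the planned filters before defining them shows which certificates fall through to a subject-only mapping such as NJDFLT, which accepts any issuer.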
Copyright © 2014 CA Technologies.
All rights reserved.