In this example, users who enter the system with a certificate subject that starts with 'OU=NJ.OU=Sales.O=ABC Co' are assigned the accessor id NJDEPT1 if the certificate was issued by the VeriSign certificate authority.
If the subject matched, but the certificate was issued by another certificate authority, the user is assigned NJDFLT.
TSS ADDTO(NJDEPT1) CERTMAP(NJMAP1)
    LABLCMAP('NJ Dept 1 Map')
    TRUST
    IDNFILTR('OU=VeriSign Class 1 Individual Subscriber.O=VeriSign, Inc.L=Internet')
    SDNFILTR('OU=NJ.OU=Sales.O=ABC Co')
TSS ADDTO(NJDFLT) CERTMAP(NJDFLT)
    LABLCMAP('NJ Dept 1 User')
    TRUST
    SDNFILTR('OU=NJ.OU=Sales.O=ABC Co')
In this example, users who enter the system with a certificate subject that starts with 'OU=Dept3.OU=NY.OU=Sales.O=ABC Co' are assigned to NYDEPT3:
TSS ADDTO(NYDEPT3) CERTMAP(NJMAP3)
    LABLCMAP('NY Dept 3 Map')
    TRUST
    SDNFILTR('OU=Dept3.OU=NY.OU=Sales.O=ABC Co')
In this example, the application ID criteria are used in addition to the distinguished name to determine which ACID to assign. Users in NY sales department Dept2 who handle corporate accounts and use application BUSINESS to access the system are assigned accessor id NYDEPT2B. Users who handle retail accounts and use application RETAIL to access the system are assigned to NYDEPT2R.
The special ACID name MULTIID, along with the CRITERIA parameter, tells CA Top Secret that if the subject and/or the issuer name information matches, it must search the CRITMAP records for a match on application name before assigning an ACID to the user.
TSS ADDTO(MULTIID) CERTMAP(NYMAP2)
    LABLCMAP('NY Dept 2 Map')
    TRUST
    SDNFILTR('OU=Dept2.OU=NY.OU=Sales.O=ABC Co')
    CRITERIA(CNFAPP=&CNFAPP)
TSS ADDTO(NYDEPT2B) CRITMAP(NYCRIT2B)
    CNFAPP(BUSINESS)
TSS ADDTO(NYDEPT2R) CRITMAP(NYCRIT2R)
    CNFAPP(RETAIL)
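As an added illustration (not CA code and not part of the original page), the following Python model resolves a certificate to an ACID using the records defined in the examples above. The precedence rule, the prefix comparison applied to the issuer name, and the result for an application with no CRITMAP record are assumptions of this model, not documented CA Top Secret behavior.

```python
# Model of the CERTMAP/CRITMAP records defined in the examples on this page.
# Assumptions (not CA Top Secret's documented algorithm): a record with an
# issuer filter beats a subject-only record, then the longest subject filter
# wins; the issuer is compared by prefix, like the subject ("starts with").

VERISIGN = "OU=VeriSign Class 1 Individual Subscriber.O=VeriSign, Inc.L=Internet"

# (ACID, record id, issuer filter or None, subject filter)
CERTMAPS = [
    ("NJDEPT1", "NJMAP1", VERISIGN, "OU=NJ.OU=Sales.O=ABC Co"),
    ("NJDFLT", "NJDFLT", None, "OU=NJ.OU=Sales.O=ABC Co"),
    ("NYDEPT3", "NJMAP3", None, "OU=Dept3.OU=NY.OU=Sales.O=ABC Co"),
    ("MULTIID", "NYMAP2", None, "OU=Dept2.OU=NY.OU=Sales.O=ABC Co"),
]

# CRITMAP records: application name (CNFAPP) -> ACID
CRITMAPS = {"BUSINESS": "NYDEPT2B", "RETAIL": "NYDEPT2R"}


def resolve_acid(subject, issuer, app=None):
    """Return the ACID a certificate maps to, or None if no record matches."""
    matches = [
        (idn is not None, len(sdn), acid)
        for acid, _record, idn, sdn in CERTMAPS
        if subject.startswith(sdn) and (idn is None or issuer.startswith(idn))
    ]
    if not matches:
        return None  # no CERTMAP record applies to this certificate
    acid = max(matches)[2]  # most specific record wins (assumed precedence)
    if acid == "MULTIID":
        # MULTIID defers the decision to the CRITMAP records, keyed on the
        # application name. An unlisted application maps to nothing here
        # (assumption of this model).
        return CRITMAPS.get(app)
    return acid


if __name__ == "__main__":
    # Constructed sample certificates: (subject, issuer, application)
    samples = [
        ("OU=NJ.OU=Sales.O=ABC Co", VERISIGN, None),
        ("OU=NJ.OU=Sales.O=ABC Co", "O=Other CA", None),
        ("OU=Dept2.OU=NY.OU=Sales.O=ABC Co", "O=Other CA", "RETAIL"),
    ]
    for subject, issuer, app in samples:
        print(subject, "|", issuer, "|", app, "->", resolve_acid(subject, issuer, app))
```

The second sample is the case to check when auditing these records: a subject-only record such as NJDFLT assigns an ACID regardless of which certificate authority issued the certificate.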
Copyright © 2009 CA.
All rights reserved.