Credential Certificates Context Variables
The following table lists the predefined context variables related to credential certificates.
Variable | Description |
---|---|
${request.ssl.clientCertificate} | Returns the client-side SSL certificate presented by the requestor (this is an X509Certificate object). |
${request.ssl.clientCertificate.base64} | Returns the same certificate as above, but as a Base64-encoded string with no white spaces. |
${request.ssl.clientCertificate.pem} | Returns the same certificate as above, but as a PEM-encoded string; this is formatted in Base64 with newlines, enclosed in the following wrapper: -----BEGIN CERTIFICATE----- -----END CERTIFICATE----- |
${request.wss.signingcertificate} ${request.wss.signingcertificate.base64} ${request.wss.signingcertificate.pem} | These context variables have been replaced by the equivalent versions containing "value.1" (see below). Though these variables still work, it is highly recommended that you adjust your service policies to use the new variables instead. |
${request.wss.signingcertificates.value.1} | Returns the signing certificate of the WSS signature in the original request message. |
${request.wss.signingcertificates.value.1.base64} | Returns the same certificate as above, but as a Base64-encoded string with no white spaces. |
${request.wss.signingcertificates.value.1.pem} | Returns the same certificate as above, but as a PEM-encoded string; this is formatted in Base64 with newlines, enclosed in the following wrapper: -----BEGIN CERTIFICATE----- -----END CERTIFICATE----- |
${<target>.wss.certificates.count} | Returns the number of certificates found for X.509 tokens. WARNING: The presence of a certificate in a message does not mean it should be trusted. It is recommended that these values are not used for trust decisions. |
${<target>.wss.certificates.value.X} | Returns the value of each certificate found for X.509 tokens, with one context variable created for each count. For a complete list of the attributes available for each value, see Certificate Attributes Variables. For example, if request.wss.certificates.count = 1, the following variable might be created: request.wss.certificates.value.1.subject.dn = CN=MyUser,OU=MyGroup,DC=MyCompany,DC=com |
${<target>.wss.signingcertificates.count} | Returns the number of certificates found for X.509 tokens that have been used in valid signatures. WARNING: The presence of a certificate in a message does not mean it should be trusted. It is recommended that these values are not used for trust decisions. |
${<target>.wss.signingcertificates.value.X} | Returns the value of each certificate found for X.509 tokens that have been used in valid signatures. For a complete list of the attributes available for each value, see Certificate Attributes Context Variables. |
Note that the certificates contain credential information only when a credential source assertion has been executed in a policy (either Require SSL or TLS Transport Assertion or Require WS-Security Signature Credentials Assertion).
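
The `.base64` and `.pem` forms in the table carry the same certificate bytes, and the warnings say that the presence of a certificate is not a basis for trust. The following Python code is an added example, not taken from the product documentation: it normalizes either form and makes the trust decision against a pinned SHA-256 fingerprint. It assumes a service that receives the variable's value from the gateway; the sample bytes, the allowlist and the function names are hypothetical.

```python
import base64
import hashlib
import ssl

# Constructed stand-in for a certificate's DER bytes (not a real certificate);
# the steps below only re-encode and hash the bytes and never parse ASN.1.
SAMPLE_DER = bytes(range(256)) * 3

# Constructed value in the shape of the .base64 variable: one unbroken string.
SAMPLE_BASE64 = base64.b64encode(SAMPLE_DER).decode("ascii")

# Hypothetical allowlist: SHA-256 fingerprints of certificates trusted out of band.
PINNED_SHA256 = {hashlib.sha256(SAMPLE_DER).hexdigest()}


def to_der(value: str) -> bytes:
    """Accept either the .pem form or the .base64 form and return the DER bytes."""
    text = value.strip()
    if text.startswith("-----BEGIN CERTIFICATE-----"):
        # Checks the BEGIN/END wrapper, then decodes the Base64 body.
        return ssl.PEM_cert_to_DER_cert(text)
    # .base64 form: reject whitespace and any non-Base64 character.
    return base64.b64decode(text, validate=True)


def base64_to_pem(value: str) -> str:
    """Rebuild the PEM form: 64-column Base64 lines inside the BEGIN/END wrapper."""
    return ssl.DER_cert_to_PEM_cert(to_der(value))


def is_pinned(value: str, pinned=frozenset(PINNED_SHA256)) -> bool:
    """Decide on the exact certificate bytes, not on presence or on a subject DN."""
    try:
        digest = hashlib.sha256(to_der(value)).hexdigest()
    except ValueError:  # malformed wrapper or invalid Base64
        return False
    return digest in pinned


if __name__ == "__main__":
    pem = base64_to_pem(SAMPLE_BASE64)
    print(pem.splitlines()[0], "...", pem.splitlines()[-1])
    print("pinned (.base64):", is_pinned(SAMPLE_BASE64))
    print("pinned (.pem):   ", is_pinned(pem))
    print("pinned (other):  ", is_pinned(base64.b64encode(b"other").decode()))
```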