Feature Request: Authentication with a certificate without Common Name #6820

Open
lpilet opened this issue Jun 4, 2019 · 0 comments

Is your feature request related to a problem? Please describe.
Actually, it's mandatory to have a common name field on your user certificate if you want to use the TLS Certificates auth method. Otherwise, Vault returns the error message "missing name in alias".
The point is that CN is not a required field in X.509 and that I use certificates without the CN field.

Describe the solution you'd like
Any solution that would make the CN no longer a mandatory field. Maybe using the serial number as the alias name instead.
Also, I think that the common name is used to verify the "allowed_common_name" option. In my case, the field is called "UID". It may be possible to check the last field in "Subject" to verify the name of the user.

Describe alternatives you've considered
Is the alias name really mandatory?
Or does it really need to come from the certificate?
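
An added illustration of the fallback proposed in this issue, not code from Vault or from the issue author: a hypothetical `aliasName` helper uses the CN when present, otherwise the subject's UID attribute, otherwise the serial number. The `makeCert` helper and the sample subject values are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

var oidUID = asn1.ObjectIdentifier{0, 9, 2342, 19200300, 100, 1, 1} // LDAP "uid" attribute type

// aliasName is a hypothetical fallback (not Vault's code): CN, else subject UID, else serial.
func aliasName(c *x509.Certificate) string {
	if c.Subject.CommonName != "" {
		return c.Subject.CommonName
	}
	for _, atv := range c.Subject.Names {
		if s, ok := atv.Value.(string); ok && atv.Type.Equal(oidUID) && s != "" {
			return s
		}
	}
	return "serial:" + c.SerialNumber.Text(16)
}

// makeCert returns a constructed, self-signed sample certificate with the given subject.
func makeCert(subject pkix.Name, serial int64) (*x509.Certificate, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: subject,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	c, err := makeCert(pkix.Name{ExtraNames: []pkix.AttributeTypeAndValue{{Type: oidUID, Value: "jdoe"}}}, 42)
	if err != nil {
		panic(err)
	}
	fmt.Printf("CN=%q alias=%q\n", c.Subject.CommonName, aliasName(c))
}
```

A serial number is only unique per issuing CA, so an alias built from it would also need the issuer to stay unambiguous across multiple trusted CAs.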
