cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Exit
search
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
  • 한국 커뮤니티
0
Upvote

Using CF with a CAC on Apache - getting CN, but I need to get Principal Name - please advise

WolfShade
LEGEND ,
Jan 30, 2020 Jan 30, 2020

Hello, all,

 

We are using Apache web server and have modded the mod_jk file to pass things like CN to ColdFusion Server.  This has worked just fine for many, many years.  However, we will soon be experiencing a change with our CACs that has us scrambling to make changes before the deadline.

 

I'd like to switch our apps to authenticate via Principal Name instead of CN.  What changes do I need to make to our Apache config files to pass Principal Name to CF Server?

 

V/r,

 

^ _ ^

TOPICS
Advanced techniques , Asynchronous , Builder , cfchart , Cffiddle , Connector , Database access , Documentation , Event gateways , Flash integration , Getting started , Monitoring , Reporting , Security , Server administration
683
Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
replies 4 Replies 4
latest latest Jump to latest reply
Dave Watts Community Expert
Community Expert ,
Feb 01, 2020 Feb 01, 2020

You should be able to create whatever CGI variables you want using the SetEnv directive. You shouldn't even have to modify the mod_jk file to do that. Beyond that, I don't know enough about what variables are sent by CACs to provide a more detailed helpful answer. Sorry.

 

Dave Watts, Eidolon LLC

Dave Watts, Eidolon LLC
Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
WolfShade
LEGEND ,
Feb 11, 2020 Feb 11, 2020

All,

 

We are approaching crunchtime.  Does ANYONE know what to add or do with Apache to get the Subject Alternative Name / Principal Name passed to CF Server?  I've been Googling for days and have not found it, yet.

 

V/r,

 

^ _ ^

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
WolfShade
LEGEND ,
Feb 12, 2020 Feb 12, 2020

My boss found something.  We modified our mod_jk (or was it mod_ssl?)** file to include the following:

 

setEnvVar SSL_CLIENT_SAN_OTHER_MSUPN_N

 

But even after rebooting the Apache and CF servers, no love.  The above was supposed to add the Subject Alternative Name to the CGI scope, which contains the Principal Name, but it's not adding to the CGI scope.  It's not null or blank, it isn't present in the scope.  Anyone?

 

V/r,

 

^ _ ^

 

EDIT:  We are proxying to DISA servers for the certificates.  Could it be that the DISA proxy isn't supplying this?

 

** It was httpd-ssl.conf.

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
WolfShade
LEGEND ,
Feb 13, 2020 Feb 13, 2020
LATEST

Nevermind.. we can go ahead and close this.  As it turns out, I thought we needed to authenticate against this value, but as it turns out this is not the case (lack of communication.)

 

Apologies for anyone who took time to give this thought.

 

V/r,

 

^ _ ^

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation
ColdFusion User Guide
Open in a new window
Copyright © 2025 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices