Hello, all,
We are using Apache web server and have modded the mod_jk file to pass things like CN to ColdFusion Server. This has worked just fine for many, many years. However, we will soon be experiencing a change with our CACs that has us scrambling to make changes before the deadline.
I'd like to switch our apps to authenticate via Principal Name instead of CN. What changes do I need to make to our Apache config files to pass Principal Name to CF Server?
V/r,
^ _ ^
You should be able to create whatever CGI variables you want using the SetEnv directive. You shouldn't even have to modify the mod_jk file to do that. Beyond that, I don't know enough about what variables are sent by CACs to provide a more detailed helpful answer. Sorry.
Dave Watts, Eidolon LLC
All,
We are approaching crunch time. Does ANYONE know what to add or do with Apache to get the Subject Alternative Name / Principal Name passed to CF Server? I've been Googling for days and have not found it yet.
V/r,
^ _ ^
My boss found something. We modified our mod_jk (or was it mod_ssl?)** file to include the following:
setEnvVar SSL_CLIENT_SAN_OTHER_MSUPN_N
But even after rebooting the Apache and CF servers, no love. The above was supposed to add the Subject Alternative Name to the CGI scope, which contains the Principal Name, but it's not adding to the CGI scope. It's not null or blank, it isn't present in the scope. Anyone?
V/r,
^ _ ^
EDIT: We are proxying to DISA servers for the certificates. Could it be that the DISA proxy isn't supplying this?
** It was httpd-ssl.conf.
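For reference, an added sketch (not from any poster in this thread) of how mod_ssl's client-certificate UPN variable could be forwarded through mod_jk. It assumes client-certificate verification happens on this Apache instance and that mod_jk is the connector; the virtual host details are placeholders.

```apache
# Added example, not the thread author's configuration.
<VirtualHost *:443>
    SSLEngine on
    # Certificate, key and CA file directives omitted (site-specific).
    SSLVerifyClient require

    # Export the standard SSL_* variables, including the client
    # subjectAltName entries, into the request environment.
    SSLOptions +StdEnvVars

    # mod_ssl names the variable SSL_CLIENT_SAN_OTHER_msUPN_n, where n is a
    # numeric index starting at 0. Environment variable names are
    # case-sensitive, so "msUPN" must keep its mixed case and the trailing
    # "n" must be a number.
    # JkEnvVar is mod_jk's directive for forwarding an environment variable
    # to the backend as a request attribute.
    JkEnvVar SSL_CLIENT_SAN_OTHER_msUPN_0
</VirtualHost>
```

If TLS is terminated on an upstream proxy, this Apache instance never sees the client certificate, and mod_ssl has nothing to populate the variable from.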
Never mind. We can go ahead and close this. As it turns out, I thought we needed to authenticate against this value, but as it turns out this is not the case (lack of communication).
Apologies for anyone who took time to give this thought.
V/r,
^ _ ^