By: Moacyr Silva Neto named 10 May 2021 at 8:03 a.m. CDT

3 Responses

Question: Validation in this part of the code of repository https://github.com/JanssenProject/jans-auth-server is ``` if (!cn.equals(client.getClientId())) { log.error("Client certificate CN does not match clientId. Reject call, CN: " + cn + ", clientId: " + client.getClientId()); } ``` Now, since the CN for our certificate was generated before we receive the client_id from the register API, how can they match? We would need to generate another certificate? Thank you for your time.

Gluu 4.2.3 Docker Alpine 3.0

closed

By Michael Schwartz Account Admin 10 May 2021 at 8:42 a.m. CDT

Copy

In the client registration script, you should provide the certificate as a parameter (or uri), and set the client_id. Maybe @Madhumita.Subramaniam can provide an example?

By Madhumita Subramaniam staff 10 May 2021 at 9:56 a.m. CDT

Copy

Hi. The curl command below is an example, pass the client certificate as a parameter like its done below ``` curl -X POST -k -H 'Content-Type: application/jwt' -H 'Accept: application/json' -i 'https://myserver.com/jans-auth/restv1/register' --data 'eyJra...' --cert /root/publicClient.pem --key /root/privateClient.key ``` Here is the python code snippet : ``` cert = CertUtils.x509CertificateFromPem(configurationAttributes.get("certProperty").getValue1()) cn = CertUtils.getCN(cert) ``` Don't change ```certProperty ``` in the above lines. Hope it helps you.

By Moacyr Silva Neto named 10 May 2021 at 2:34 p.m. CDT

Copy

Thank you, it worked as expected!

You need to Login in order to post an answer

CN Validadion

By: Moacyr Silva Neto named 10 May 2021 at 8:03 a.m. CDT

Answers

By Michael Schwartz Account Admin 10 May 2021 at 8:42 a.m. CDT

By Madhumita Subramaniam staff 10 May 2021 at 9:56 a.m. CDT

By Moacyr Silva Neto named 10 May 2021 at 2:34 p.m. CDT

Post an answer