Enabling a Smart card logon to AD using a value in subjectAltName that is not UPN

    advaita
    Member
    #155840

    Hello,

    In the project I am working on, the client would like to authenticate Smart Cards that have a certificate with a value in subjectAltName that is not UPN. The value will be an alphanumeric [email protected] format. For example: [email protected]

    How can AD be configured to do a one-to-one mapping based on this value in this X.509 certificate attribute?

    From what I have read, all the KB articles prefer to have a UPN in the subjectAltName. The client is not happy about having to update that certificate with a UPN, as this would be a solution specific to AD. Other directories such as eDirectory do not have this requirement.

    Has anyone found a way around this restriction for AD and is it MS supported?

    Thanks in advance!!
