Security

 View Only
  • 1.  Multiple Strip Username Rules Not Working

    Posted Jun 01, 2018 03:05 PM

    I'm trying to strip both the host/ prefix as well as @FQDN from an EAP-TLS authentication and I cannot extract just the username from the request. I have tried multiple variation of the strip username rules:

    /:user,user:@

    user:@,/:user

     

    The engine doesn't appear to be honoring both rules. If I apply the first variation, the resulting username is host/user. If I apply the second variation, the resulting username is user@FQDN. I cannot get just the user no matter how I alter the syntax. What am I missing?



  • 2.  RE: Multiple Strip Username Rules Not Working

    Posted Jun 01, 2018 03:09 PM
    You should not be stripping host. It’s only designed to strip realms. You should use a different service for machine vs user authentications.


  • 3.  RE: Multiple Strip Username Rules Not Working

    Posted Jun 01, 2018 03:13 PM

    We are using a different service, but we need the username for authorization. We're getting a 201 error: authentication failure, user not found.