SSLIdentities
A comma-separated list of SSL identities that have authorization for the functions included in this role.
You can include a tag prefix to specify whether the SSL identity is a DNS name (dns) or email address (email). If you do not specify a prefix, the server treats the identity as a DNS name. You can include Wildcard values in the SSL identities.
The SSL identity matches the subjectAltName
DNS name or email in the certificate. If the subjectAltName
does not exist, it falls back on the subject Common Name.
To use SSL identities for permissions, you must configure SSL in your IDOL components, and your SSL setup must request certificates from connecting peers, by using SSLCACertificate and SSLCheckCertificate in your [SSLOptionN]
configuration section.
You define the permissions that a particular role has by using StandardRoles, or by specifying the ActionsSSLIdentities
. If a connection matches one of the allowed clients, principals, or SSL identities, they have permission to perform the operations allowed by the role.
Type: | String |
Default: | |
Required: | No |
Configuration Section: | MyAuthorizationRole |
Example: | SSLIdentities=email:user@example.com,dns:admin.example.com,webapp.example.com
This example authorizes a certificate with the subjectAltName values email:user@example.com , dns:admin.example.com , or dns:webapp.example.com . |
See Also: | Clients
GSSPrincipals |