Support for Subject Alternative Name (SAN)

ASE supports CAC authentication using the Subject Alternative Name attribute.

In addition to the steps described in Authenticating with the Common Access Card (CAC), do the following:
  1. Modify the server.xml file:
    1. Locate the server.xml file, at:
      <install-dir>\AppScan Enterprise\Liberty\usr\servers\<ase instance name>\server.xml
    2. In the <ldapRegistry> section of the file, add or edit these two attributes to look like this:
      • certificateMapMode="CUSTOM"
      • certificateMapperId="customLdapMapper"
  2. SAN is a composite attribute containing other attributes, so you must specify the mapping to specifically fetch the LDAP attribute in the configuration JAR file:
    1. Locate the SanAttributeReader.jar file of your AppScan Enterprise instance in:
      <install-dir>\AppScan Enterprise\Liberty\usr\servers\ase\lib\ SanAttributeReader.jar
    2. Rename it and retrieve the file it contains.
    3. Edit as needed.
    4. Once you have verified that everything works fine, make sure to set the Logging value to off.