Chapter 3: Condition Reference
147
user.x509.issuer=Tests the issuer of the x509 certificate used in authentication to certificate realms. The
user.x509.issuer= condition is primarily useful in constructing explicit certificate revocation lists.
This condition will only be true for users authenticated against a certificate realm.
Syntax
user.x509.issuer=issuer_DN
where issuer_DN is an RFC2253 LDAP DN, appropriately escaped. Comparisons are case-sensitive.
Layer and Transaction Notes
•Use in <Proxy>, <Admin>, and <Exception> Layers.
• Applies to proxy transactions.
See Also
• Conditions: user.x509.serialNumber=, user.x509.subject=
•Properties: authenticate( ), authenticate.force( )