Management API Reference for x509-subject-alt-name-evidence-decoder

An evidence decoder that derives the principal associated with the given evidence from an X.509 subject alternative name from the first certificate in the given evidence.

Provided Capabilities (1)

Name	Dynamic	Other provider points
org.wildfly.security.evidence-decoder	true	/subsystem=elytron/x500-subject-evidence-decoder=* /subsystem=elytron/custom-evidence-decoder=* /subsystem=elytron/aggregate-evidence-decoder=*

Attributes (2)

alt-name-type - The subject alternative name type to decode from the given evidence. Allowed values: 'rfc822Name', 'dNSName', 'directoryName', 'uniformResourceIdentifier', 'iPAddress', 'registeredID'

Type	STRING
Does the attribute allow expression?	true
Where is the attribute stored?	configuration
Access Type	read-write
Is restarted required?	all-services
Allowed Values	registeredID iPAddress rfc822Name dNSName directoryName uniformResourceIdentifier
Stability Level	default
Raw DMR model	{ "type" : { "TYPE_MODEL_VALUE" : "STRING" }, "description" : "The subject alternative name type to decode from the given evidence. Allowed values: 'rfc822Name', 'dNSName', 'directoryName', 'uniformResourceIdentifier', 'iPAddress', 'registeredID'", "expressions-allowed" : true, "required" : true, "nillable" : false, "allowed" : [ "rfc822Name", "dNSName", "directoryName", "uniformResourceIdentifier", "iPAddress", "registeredID" ], "stability" : "default", "access-type" : "read-write", "storage" : "configuration", "restart-required" : "all-services", "capability-reference" : null }

segment - The 0-based occurrence of the subject alternative name to map. This attribute is optional and only used when there is more than one subject alternative name of the given alt-name-type. The default value is 0.

Type	INT
Default Value	0
Is the attribute nillable?	true
Does the attribute allow expression?	true
Where is the attribute stored?	configuration
Access Type	read-write
Is restarted required?	all-services
Min	0
Max	2147483647
Stability Level	default
Raw DMR model	{ "type" : { "TYPE_MODEL_VALUE" : "INT" }, "description" : "The 0-based occurrence of the subject alternative name to map. This attribute is optional and only used when there is more than one subject alternative name of the given alt-name-type. The default value is 0.", "expressions-allowed" : true, "required" : false, "nillable" : true, "default" : 0, "min" : 0, "max" : 2147483647, "stability" : "default", "access-type" : "read-write", "storage" : "configuration", "restart-required" : "all-services", "capability-reference" : null }

Operations (2)

add - The add operation for the evidence decoder.

Request Parameter	Type	Required	Expressions Allowed	Default value	Description
alt-name-type	STRING	true	true		The subject alternative name type to decode from the given evidence. Allowed values: 'rfc822Name', 'dNSName', 'directoryName', 'uniformResourceIdentifier', 'iPAddress', 'registeredID'
segment	INT	false	true	0	The 0-based occurrence of the subject alternative name to map. This attribute is optional and only used when there is more than one subject alternative name of the given alt-name-type. The default value is 0.

Raw DMR model


{
    "operation-name" : "add",
    "description" : "The add operation for the evidence decoder.",
    "request-properties" : {
        "alt-name-type" : {
            "type" : {
                "TYPE_MODEL_VALUE" : "STRING"
            },
            "description" : "The subject alternative name type to decode from the given evidence. Allowed values: 'rfc822Name', 'dNSName', 'directoryName', 'uniformResourceIdentifier', 'iPAddress', 'registeredID'",
            "expressions-allowed" : true,
            "required" : true,
            "nillable" : false,
            "allowed" : [
                "rfc822Name",
                "dNSName",
                "directoryName",
                "uniformResourceIdentifier",
                "iPAddress",
                "registeredID"
            ],
            "stability" : "default"
        },
        "segment" : {
            "type" : {
                "TYPE_MODEL_VALUE" : "INT"
            },
            "description" : "The 0-based occurrence of the subject alternative name to map. This attribute is optional and only used when there is more than one subject alternative name of the given alt-name-type. The default value is 0.",
            "expressions-allowed" : true,
            "required" : false,
            "nillable" : true,
            "default" : 0,
            "min" : 0,
            "max" : 2147483647,
            "stability" : "default"
        }
    },
    "reply-properties" : {},
    "stability" : "default",
    "read-only" : false,
    "restart-required" : "resource-services",
    "runtime-only" : false
}

remove - The remove operation for the evidence decoder.

Raw DMR model


{
    "operation-name" : "remove",
    "description" : "The remove operation for the evidence decoder.",
    "request-properties" : {},
    "reply-properties" : {},
    "stability" : "default",
    "read-only" : false,
    "restart-required" : "resource-services",
    "runtime-only" : false
}

Galleon Features

Galleon features are to be used when creating Galleon feature-packs.

subsystem.elytron.x509-subject-alt-name-evidence-decoder

        
<feature spec="subsystem.elytron.x509-subject-alt-name-evidence-decoder">
  <param name="x509-subject-alt-name-evidence-decoder" value="{resource name}"/>
  <param name="alt-name-type" value="{value}"/>
  <param name="segment" value="{value}"/>
<feature/>