Elastic login with Smart Card - Parsing certificate fields (Elasticsearch 7.4)


We recently upgraded to v7.4 so we could utilize the new support for smartcard authentication. It works in general, but it's not going to work in our environment because of the formatting of our Active Directory names. The users browser is presenting a DN in a format like so:

CN=LAST.FIRST.M.1070888910, OU=CONTRACTOR, OU=PKI, OU=DoD, O=U.S. Government, C=US

To work with our AD, we need to take that 10-digit number, append '121005@mil' to the end of it, and have Elastic do a lookup on that result (ex: 1070888910121005@mil) for proper group association.

My assumption is that this could be handled in the 'username_pattern' section of our pki realm in xpack security, but I am totally unfamiliar with Lucene regular expressions and Im not even sure if we can do the match/append action in a single statement.

Is there a better way? Is this even possible? Even if we did redo our AD samAccoutName or userPrincipalName to match the cert, we would still need to append '@mil' on the end of it.

Any help or advice is greatly appreciated.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.