Enabling Smart card logon to AD using a value in subjectAltName that is not a UPN
Hello,

In the project I am working on, the client would like to authenticate Smart Cards that have a certificate with a value in subjectAltName that is not a UPN. The value will be in an alphanumeric GUID@mydomain.com format. For example: 1891ADDA010@MYFIRM.ORG

How can AD be configured to do a one-to-one mapping based on this value in this X.509 certificate attribute?
From what I have read in all the KB articles, AD requires a UPN in the subjectAltName for locating the user. The client is not happy about having to update that certificate with a UPN, as this would be a solution specific to AD. Other directories such as eDirectory do not have this requirement.

Has anyone found a way around this restriction for AD, and is it MS supported?
Thanks in advance!

Software/Hardware used:
Active Directory
ASKED: Aug 11, 2011  9:06 PM GMT
UPDATED: March 31, 2012  6:47:17 PM GMT

Answer Wiki: last answer submitted Aug 11, 2011 9:06 PM (GMT) by Advaita