Hi,

If you use "SAN(rfc822name)" as the cert-user-oid you will have the full address as username. From then you can use the scripts to do additional authorization if required.

regards,
Nikos

________________________________________
From: openconnect-devel <openconnect-devel-bounces@xxxxxxxxxxxxxxxxxxx> on behalf of fddi <fddi@xxxxxx>
Sent: Thursday, March 12, 2020 7:18 PM
To: openconnect-devel@xxxxxxxxxxxxxxxxxxx
Subject: authorizing user on Subject Alt Names

Hello,

I would like to authorize users to connect to ocserv VPN looking at the Subject Alt Name instead of the default OU cert-group-oid.

The Subject Alt Name on our certificates has the email address, so I would like to authorize users based on the domain after the "@" for certain specific domains.

For example, @domain1.org authorized while other email domains may not.

Is it possible to implement this in the ocserv configuration?

Thank you

Rick

_______________________________________________
openconnect-devel mailing list
openconnect-devel@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/openconnect-devel
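
One way to do the script-side check suggested in the reply, as an added example that is not part of the thread or of ocserv itself. It assumes the script is wired in through ocserv's connect-script option, that ocserv exports REASON and USERNAME to it and refuses the session on a non-zero exit; the script path and the allow-list contents are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): hypothetical ocserv connect-script.
# Assumed ocserv.conf lines (the script path is a placeholder):
#   cert-user-oid  = SAN(rfc822name)
#   connect-script = /etc/ocserv/san-domain-check.sh

# Space-separated allow-list; domain1.org is the thread's own example.
ALLOWED_DOMAINS="domain1.org"

# Return 0 when the address has exactly one "@" and its domain is an
# exact, case-insensitive match for an allow-listed domain; 1 otherwise.
san_domain_allowed() {
    addr=$1
    case $addr in
        ''|@*|*@|*@*@*) return 1 ;;          # empty part or more than one "@"
        *[!A-Za-z0-9._%+@-]*) return 1 ;;    # whitespace or unexpected characters
        *@*) ;;
        *) return 1 ;;                       # no "@" at all
    esac
    domain=$(printf '%s' "${addr##*@}" | tr '[:upper:]' '[:lower:]')
    for allowed in $ALLOWED_DOMAINS; do
        # Whole-string comparison: a suffix or substring test would also
        # accept names such as notdomain1.org or domain1.org.example.
        if [ "$domain" = "$allowed" ]; then
            return 0
        fi
    done
    return 1
}

# Entry point when ocserv runs the script. Assumption: ocserv exports
# REASON and USERNAME and refuses the session on a non-zero exit status.
if [ "${REASON:-}" = "connect" ]; then
    if san_domain_allowed "${USERNAME:-}"; then
        exit 0
    fi
    printf '%s\n' "rejecting '${USERNAME:-}': e-mail domain not allowed" >&2
    exit 1
fi
```

The check fails closed: an empty name, a certificate without an rfc822name, or an address with more than one "@" is refused rather than passed through.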