Setting the user ID pattern for certificate authentication
- If the user ID is valid and is authorized to access the InfoSphere Streams domain or instance, you can authenticate without having to enter a user ID and password.
- If the user ID is not valid, you are prompted for a user ID and
password. Note: This scenario applies to the InfoSphere Streams REST API only when you are accessing it from a browser and did not already log on by using the Streams Console in the same browser session.
${element} ${element, regex, replacement}
About this task
The user ID pattern is a pattern that consists of reserved keywords and regular expressions. This pattern specifies the DN information that InfoSphere Streams uses to construct a user ID for certificate authentication.
For more information about the streamtool commands in the following procedure, enter streamtool man command-name. For more information about the security.certificateUserRegularExpression property, enter streamtool man domainproperties.
Procedure
Example
This example shows how to update the default pattern to construct the user ID from DN field values other than the default cn field value.
The client certificate in this example contains the DN information in the following table. By default, ${cn} is used for the user ID pattern, which indicates that InfoSphere Streams uses RobertSmith as the user ID for certificate authentication.
User information | DN field | DN value |
---|---|---|
Common name of the certificate owner | cn | RobertSmith |
Email address of the certificate owner | EMAILADDRESS | resmith@us.ibm.com |
Organizational unit | OU | InfosphereStreams |
Organization | O | IBM |
City | L | Raleigh |
State | ST | NC |
Country | C | US |
${cn}@${L,Raleigh,Rochester}@${ST,NC,MN}
To
construct the user ID based on this pattern, InfoSphere Streams performs
the following operations:- Extracts the cn value (RobertSmith).
- Appends the L value (Raleigh) and replaces Raleigh with Rochester.
- Appends the ST value (NC) and replaces NC with MN.
${EMAILADDRESS,(us.ibm.com),us}
To
construct the user ID based on this pattern, InfoSphere Streams performs
the following operations:- Extracts the EMAILADDRESS value (resmith@us.ibm.com).
- Replaces us.ibm.com with us.