JanssenProject / jans

An open source enterprise digital identity platform for CIAM or workforce... Janssen is a distribution of standards-based, developer friendly, components that are engineered to work together in any cloud. #OAuth #OpenID #FIDO
https://docs.jans.io
Apache License 2.0

Support jurisdictionCountryName in SubjectDN and tls_client_auth_subject_dn #534

Closed Milton-Ch closed 3 years ago

Milton-Ch commented 3 years ago

As part of OpenBanking Brazil, they have a request (https://support.gluu.org/authentication/9904/support-for-short-name-tls_client_auth_subject_dn/) to use jurisdictionCountryName in their certificates. However, when Janssen AS is processing MTLS, it throws an exception because this attribute is not supported; it is not part of the standard list of attributes.

Steps To Reproduce

  1. Create a certificate, adding the jurisdictionCountryName attribute to the subjectDN.
  2. Pass it via the client registration request field tls_client_auth_subject_dn.
  3. An error will be thrown when processing MTLS.

[io.jans.as.server.auth.AuthenticationFilter] (AuthenticationFilter.java:227) - Unknown object id - jurisdictionCountryName - passed to distinguished name java.lang.IllegalArgumentException: Unknown object id - jurisdictionCountryName - passed to distinguished name

Expected behavior

jurisdictionCountryName should be supported because this is part of the Brazil OpenBanking specs.

Actual behavior

BouncyCastle doesn't process it because jurisdictionCountryName is not a standard attribute.
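The failure reported above, modelled as an added Python example (not Janssen or BouncyCastle code): a DN parser whose name-to-OID table lacks jurisdictionCountryName rejects the registered tls_client_auth_subject_dn, and extending the table lets the match succeed. It goes slightly beyond the report by comparing on OIDs, so the named and dotted forms of the attribute are treated as equal; all function names and DN values are constructed for illustration.

```python
import re

# Common attribute names and their OIDs (the "standard list" in this model).
STANDARD_OIDS = {
    "CN": "2.5.4.3", "C": "2.5.4.6", "L": "2.5.4.7", "ST": "2.5.4.8",
    "O": "2.5.4.10", "OU": "2.5.4.11", "SERIALNUMBER": "2.5.4.5",
}
# Extended table: adds the EV-certificate jurisdiction country attribute.
EXTENDED_OIDS = {**STANDARD_OIDS,
                 "JURISDICTIONCOUNTRYNAME": "1.3.6.1.4.1.311.60.2.1.3"}

DOTTED_OID = re.compile(r"\d+(\.\d+)+")


def name_to_oid(name, table):
    """Resolve an attribute name (or dotted OID) to its OID string."""
    if DOTTED_OID.fullmatch(name):
        return name
    try:
        return table[name.upper()]
    except KeyError:
        raise ValueError(
            f"Unknown object id - {name} - passed to distinguished name")


def parse_dn(dn, table):
    """Parse 'name=value,...' into [(oid, value)].

    Simplification: escaped commas are honoured, multi-valued RDNs are not.
    """
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((name_to_oid(name.strip(), table),
                     value.strip().replace("\\,", ",")))
    return rdns


def subject_dn_matches(registered, presented, table):
    """Compare two subject DNs by OID and value; unparsable input fails closed."""
    try:
        return parse_dn(registered, table) == parse_dn(presented, table)
    except ValueError:
        return False


# Constructed sample values, not taken from the issue.
REGISTERED = "CN=client.example.org,O=Example Bank,jurisdictionCountryName=BR,C=BR"
PRESENTED = "CN=client.example.org,O=Example Bank,1.3.6.1.4.1.311.60.2.1.3=BR,C=BR"
```

With `STANDARD_OIDS` the comparison fails closed, so the client is rejected rather than matched on a partially parsed DN; with `EXTENDED_OIDS` the two forms compare equal.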

Milton-Ch commented 3 years ago

Fix merged and released.