search

TheHive-Project / TheHive

TheHive: a Scalable, Open Source and Free Security Incident Response Platform
https://thehive-project.org
GNU Affero General Public License v3.0
3.42k stars 623 forks source link

Additional user attribute for X509 based authentication #442

Open crackytsi opened 6 years ago

crackytsi commented 6 years ago

Request Type

Feature Request

Work Environment

Question Answer
OS version (server) Debian
OS version (client) Seven using Chrome Browser
TheHive version / git hash 3.0.3
Package Type DEB

Problem Description

Currently we use LDAP based authentication with short usernames. To use certificate based authentication it would be necessary to recreate each account with a different username. As we use UPN (UserPrincipalName) as uniq identifier in our Smartcards both authentication schemes at the same time are not possible.

Possible Solutions

Users could possibly have an additional (external) attribute that can be used for authentication. The x509 authentication could be made configurable which attribute is used. Alternatively fullname attribute could be used (if mapable).

crackytsi commented 6 years ago

@To-om: Do you have a timeframe/plan for this feature request? As this would help us a lot :)

Our users work with logins like fschneier for Frank schneider and with an UPN certificate Frank.Schneier@company.org