Change Certificate Properties when verifing username in "Certified Endpoint" RRS feed

  • Question

  • Currently the "Certified Endpoint" works but not if I try to get it verifing the username.  Currently it is returning the DN = "Timothy Clarkson" but I need to pull back the email name.

    Not sure what files I need to put into CustomUpdate directory, I do not want to use Client Certificate Authentication as I need the users to enter a username/password for SSO.

    Any ideas about which file to put in do modify the default certificate lookup property.



    Tim Clarkson


    Tuesday, December 21, 2010 9:40 AM


All replies

  • It sounds to me, Tim, as if you may be confusing two distinct features:

    1. Certified endpoint, in which UAG reads the computer's certificate and if it's valid, the computer can be considered a certified endpoint. this is discussed here:

    2. User certificate authentication, in which a user logs on with a certificate or SmartCard instead of a user/password set. This is dicsussed here:


    Ben Ari
    Microsoft CSS UAG/IAG Support
    Sammamish, WA
    • Marked as answer by Erez Benari Monday, December 27, 2010 10:54 PM
    Monday, December 27, 2010 10:53 PM
  • No I understand the two, I haev the certified endpoint working but I am wanting use the feature of the "Certified Endpoint" that makes sure the certificate used was issued to the user.  The problem is that it is using the DN attribute, since the account name is (A123456789) it does not match the user name (Timothy Clarkson), so I have been using the email address.

    I am sure that I need to put in some custom update to change the way the certificate is looked up.



    Tuesday, December 28, 2010 7:55 AM