When XUUDB is configured in certificate mode (aka 'normal' mode), the XUUDB client (e.g. UNICORE server) can still provide a DN for mapping, which will be happily used. This can lead to a not desired behavior, when a user with a certificate which is in XUUDB DB is allowed.
Desired situation: XUUDB in cert mode should only accept certificates as an input and perform a stric matching. XUUDB in DN mode should accept both and perform DN-only matching.
Log in to post a comment.