Edit Rule Element
Client certificates can contain identification information, such as company names, localities, or e-mail addresses, formatted into arrangements of fields and subfields. Your Web server can inspect this identification information in order to create a Windows NT account mapping.
Using the rule element editor you can define rules that create a mapping if an individual subfield, rather than an entire certificate, meets your acceptance criteria. This means that you do not have to explicitly map each userÆs client certificate, and thus do not require a userÆs certificate file to define a mapping, as is the case with the one-to-one mapping. For example, you can use the rule editor to quickly map all client certificates issued to the financing department of a particular company - regardless of user identity - to a Windows NT user account.
Match Capitalization
Select this check box to make your rule element case sensitive.
Certificate Field
Use this drop-down list box to select or enter the certificate field name. Fields are comprised of subfields that contain specific identification information. Field names represent general categories of information; typical field names are Client (Subject), Issuer, and Serial Number.
Subfield
Use this drop down box to select or enter the certificate subfield name. Subfields contain the certificateÆs specific identification information, such as the clientÆs name or the issuerÆs Internet address. Valid subfield content can vary depending on how much information the client provided to the certificate authority when the certificate was issued. You may want to consult the certification authority to obtain updated subfield formatting information.
Your Web server rule editor includes several, non-standard subfields categories. These include the following:
Criteria
Use this text box to specify the criteria for matching field and subfield information. You can use the wildcard character to partially specify the text of your criteria.