On Wed, Jun 14, 2017 at 08:47:31PM +0000, Osama Al-Hassani wrote: > When verifying client certificates we are only able to receive CN data, > and cannot get a hold of the SANs. The request data sent to the policy > server does not contain any SAN attributes.
That's correct. The subject alternative names of client certificates
are not exposed via the policy protocol.
> Is there a way to achieve this, possibly via a configuration parameter?
No.
--
Viktor.
