Hi,

We are applying SLM policy based on a client certificate, the Client certificate will be as part of Mutual TLS.

We were able to apply the threshold limits by retrieving the Subject DN of client certificate using AAA Action and then use the same in Credential Class of SLM Statement. Everything is working as expected.

But we were thinking, the AAA Action just does the retrieval of Subject DN. The actual limits applying is done in SLM Statement using Credential Type as Mapped Credential.

So we thought of eliminating AAA Action. We tried using the Custom Stylesheet option in SLM Credential class to retrieve the Subject DN by using auth-info "dp:auth-info('ssl-client-subject')" function and we were able retrieve it.

But the problem is, I am not finding much information what value the Style sheet should return to SLM Statement or what exactly the custom style sheet has to do. I tried returning true or false from xslt based on the Subject DN validation, but it didn't help.

So any pointers on how to use the Custom Stylesheet option would be helpful.

Hi,

if you want the credential class to match, you can output the following:

<result>

<match/>

<value><xsl:value-of select="<here comes the identity that matches>"/></value>

</result>

--HP