I was wondering: if you are using a SmartCard to authenticate to the network using the CSACS 5.0 software, is it possible to set the ACS to look at other information besides the three given options? I can get the ACS to take the e-mail address off of my smartcard. However, I need it to take the userPrincipalName off of my smartcard. I can do this easily with the ASA.
I wanted to do something similar to what I have set up on the ASA.
Currently I have the following on the ASA:
1. A user places their smart card into the reader.
2. Next, they log into the AnyConnect client.
3. The AnyConnect client sends the information to the ASA.
4. The ASA checks the userPrincipalName off of the SmartCard and sends the information to two places:
a. Active Directory
b. Revocation Server
I want to be able to pull this same information off of the SmartCard using the ACS with EAP-TLS. The ACS definitely sees the information because the UserPrincipalName shows up as the user in the ACS logs next to the e-mail address.
Any help would be greatly appreciated.