Sec/User Mgmt: Step 4. Configure User Principal Settings

Document created by RSA Information Design and Development on Sep 19, 2017Last modified by RSA Information Design and Development on Oct 2, 2017
Version 3Show Document
  • View in full screen mode

This topic describes how you can specify an attribute in a certificate to uniquely identify the user for Public Key Infrastructure (PKI) authentication.

You must specify an attribute with user name or user id, in a certificate, to uniquely identify the user. A certificate may contain user name or user id in Extension (Non standard custom attributes), Subject DN or Subject Alternative Name field and NetWitness Server must be configured to read the value of this attribute. The NetWitness Server uses the extracted value of this attribute for authorization and retrieves the user groups from an Active Directory (AD) server. By default, NetWitness Server extracts the entire value of the selected attribute, without filtering any characters. You can use regular expression (REGEX) to refine the value extracted.

To configure user principal settings:

  1. In NetWitness Suite, select  ADMIN > Security.
    The Security view is displayed with the Users tab open.
  2. Click the Settings tab.
  3. In the User Principal settings, click Configure.
    The User Principal Settings dialog is displayed.
  4. In the Certificate field, paste the BASE64 encoded user certificate.
    BASE64 encoded user certificate
  5. Click Next.
    The Extensions, SubjectDN and Subject Alternative name fields are displayed.
  6. Select a unique field that reflects the user name or user id.
    User name example
  7. Click Test.
    The user name or user principal name is extracted and displayed within square brackets.
    User name in brackets
  • If the extracted user principal name does not match the AD user name, you can modify the Regex to extract the exact user name and click Test.
    If the extracted value does not contain the Active Directory user name as a unique value and if it contains a uniquely identifiable attribute of the user such as EmpNo or EmpID. You must configure the custom LDAP filter in the Active Directory which uniquely identifies the user object. For more information to configure custom LDAP filter, see Step 1. Configure Active Directory.
  1. Click Save to update the NetWitness Server.

Note: If the User Principal Setting is incorrect, NetWitness Server will not allow you to access NetWitness Suite UI. In this case, to access the NetWitness Suite UI you must revert or disable PKI from the backend. For more information to disable PKI, see Disable PKI.

Next Step:

Step 5. Import Certificate Revocation List

You are here
Table of Contents > Sec/User Mgmt: Step 4. Configure User Principal Settings