The Subject Attribute To User Attribute Certificate Mapper is configured with the following default mappings:
I wasn't able to successfully map a certificate with the e:mail mapping and I doubt that it works because there is no attribute type e defined in the server's schema.
This being said, I think that e refers to the emailAddress AttributeType from the PKCS#9 schema (IIRC it is displayed as E in many applications on Windows environments).
There are 3 possible ways to fix this issue:
- remove e:mail from the default mappings (as it is more common to use the SubjectAltName for mail addresses)
- include the PKCS#9 emailAddress attribute type in the server's default schema and correct the default configuration for the certificate mapper (emailAddress:mail). I prefer this solution.
- it is no issue because I missed something
Solutions 1 and 2 also require an update to the documentation to reflect the changes.
Additionally, it would make sense that the isConfigurationAcceptable method also checks if certAttrName is valid (a valid OID or an attribute type which is defined in the server's schema). At the moment, only the validity of the userAttrName is being checked.
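A sketch of the additional certAttrName check proposed above, as an added example that is not the server's own code: the class name, the `check` method and the lowercase schema set are hypothetical stand-ins for the real configuration and schema lookup, and the sample mappings are constructed apart from `e:mail` and `emailAddress:mail`.

```java
import java.util.*;
import java.util.regex.Pattern;

public class CertMapperConfigCheck {
    // Simplified numeric OID syntax, e.g. 1.2.840.113549.1.9.1 (PKCS#9 emailAddress).
    private static final Pattern NUMERIC_OID =
        Pattern.compile("[0-2](\\.(0|[1-9][0-9]*))+");

    /** Returns one message per rejected mapping; an empty list means acceptable. */
    static List<String> check(List<String> mappings, Set<String> schemaAttrs) {
        List<String> problems = new ArrayList<>();
        for (String mapping : mappings) {
            String[] parts = mapping.split(":", -1);
            if (parts.length != 2 || parts[0].trim().isEmpty() || parts[1].trim().isEmpty()) {
                problems.add("'" + mapping + "': expected certAttrName:userAttrName");
                continue;
            }
            String certAttr = parts[0].trim().toLowerCase(Locale.ROOT);
            String userAttr = parts[1].trim().toLowerCase(Locale.ROOT);
            // Proposed check: the certificate side must be a numeric OID
            // or an attribute type that the schema defines.
            if (!NUMERIC_OID.matcher(certAttr).matches() && !schemaAttrs.contains(certAttr)) {
                problems.add("'" + mapping + "': unknown certificate attribute '" + parts[0].trim() + "'");
            }
            // Check that is already performed today: the user attribute must exist.
            if (!schemaAttrs.contains(userAttr)) {
                problems.add("'" + mapping + "': unknown user attribute '" + parts[1].trim() + "'");
            }
        }
        return problems;
    }

    public static void main(String[] args) {
        // Constructed schema subset (lowercase names); a real check would query the server schema.
        Set<String> schema = new HashSet<>(Arrays.asList("cn", "mail", "uid"));
        // Constructed sample configuration, including the e:mail mapping from this report.
        List<String> mappings = Arrays.asList(
            "cn:cn", "e:mail", "emailAddress:mail", "1.2.840.113549.1.9.1:mail");

        System.out.println("Without emailAddress in schema: " + check(mappings, schema));
        // Solution 2: add the PKCS#9 emailAddress attribute type to the schema.
        schema.add("emailaddress");
        System.out.println("With emailAddress in schema:    " + check(mappings, schema));
    }
}
```

With this check in place, a mapping such as `e:mail` is rejected when the configuration is validated instead of silently never matching a certificate.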