tls_client_auth_subject_dn
The tls_client_auth_subject_dn claim is now supported in the request JWT on the POST register API. This claim must contain the full subject DN of your TLS MA network certificate (OB Legacy Transport/OBWAC/QWAC). The claim is MANDATORY for the tls_client_auth token authentication method. If it is missing or not in the expected format, the registration process will fail.
The following certificate attributes are currently supported:
CN, OU, O, C, 2.5.4.97
Note: The short name "organizationIdentifier" for the numeric OID 2.5.4.97 is currently not supported.
Expected order of the attributes for different types of certificates:
OB Legacy:
CN={common name},OU={organization unit},O={organization name},C={country}
OBWAC/QWAC:
CN={common name},2.5.4.97={organization identifier details},O={organization name},C={country}
Examples of tls_client_auth_subject_dn for different certificates:
OB Legacy:
CN=5nuXdvU5VRATljiWQfgk4o,OU=uhZgdp49SzQBuqEKZ7,O=Open Banking Limited,C=GB
OBWAC:
CN=xyz.co.uk,2.5.4.97=PSDGB-FCA-1234,O=NATIONWIDE BUILDING SOCIETY,C=GB
QWAC (eIDAS):
CN=xyz.co.uk,2.5.4.97=PSDGB-FCA-1234,O=NATIONWIDE BUILDING SOCIETY,C=GB
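A client-side pre-check of the claim value against the attribute list and orders given above, useful before building the registration JWT. This is an added example, not the API's own validation logic; the names split_rdns and check_subject_dn are hypothetical. It assumes attribute names are compared case-sensitively and ignores a space after a comma, since the page does not state how the API treats either.

```python
# Added example: client-side pre-check, not the API's own validation logic.
# Attribute orders and the supported set are the ones stated on this page.
EXPECTED_ORDER = {
    "OB Legacy": ["CN", "OU", "O", "C"],
    "OBWAC/QWAC": ["CN", "2.5.4.97", "O", "C"],
}
SUPPORTED = {"CN", "OU", "O", "C", "2.5.4.97"}


def split_rdns(dn):
    """Split a DN on commas, keeping backslash-escaped commas inside values."""
    parts, current, escaped = [], [], False
    for ch in dn:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
    parts.append("".join(current))
    return parts


def check_subject_dn(dn):
    """Return (matched certificate type or None, list of problems)."""
    problems, attrs = [], []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        attr = attr.strip()  # assumption: a space after a comma is tolerated here
        if not sep or not value:
            problems.append(f"malformed component {rdn!r}")
        elif attr == "organizationIdentifier":
            problems.append("use numeric OID 2.5.4.97, not organizationIdentifier")
        elif attr not in SUPPORTED:  # assumption: names compared case-sensitively
            problems.append(f"unsupported attribute {attr!r}")
        attrs.append(attr)
    matched = next((t for t, order in EXPECTED_ORDER.items() if attrs == order), None)
    if matched is None and not problems:
        problems.append(f"attribute order {attrs} matches no expected format")
    return matched, problems


if __name__ == "__main__":
    # Constructed sample: short name used instead of the numeric OID.
    print(check_subject_dn("CN=xyz.co.uk,organizationIdentifier=PSDGB-FCA-1234,O=Example Org,C=GB"))
```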