Credential Certificates Context Variables

The following table lists the predefined context variables related to credential certificates.
gateway94
The following table lists the predefined context variables related to credential certificates.
Variable
Description
${request.ssl.clientCertificate}
Returns the client side SSL certificate presented by the requestor (this is an X509Certificate object).
${request.ssl.clientCertificate.base64}
Returns the same certificate as above, but as a Base64-encoded string with no white spaces.
${request.ssl.clientCertificate.pem}
Returns the same certificate as above, but as a PEM-encoded string; this is formatted in Base64 with newlines, enclosed in the following wrapper:
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
${request.ssl.clientCertificatesChain}
Returns the certificate chain for inbound connection, captured by the Validate Certificate Assertion to validate the certificate.
${request.wss.signingcertificates
.value.1}
Returns the signing certificate of the WSS signature in the original request message.
${request.wss.signingcertificates
.value.1.base64}
Returns the same certificate as above (${request.wss.signingcertificates.value.1}, but as a Base64-encoded string with no white spaces.
${request.wss.signingcertificates
.value.1.pem}
Returns the same certificate as above (${request.wss.signingcertificates.value.1}, but as a PEM-encoded string; this is formatted in Base64 with newlines, enclosed in the following wrapper:
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
${
<
target
>
.wss.certificates.count}
Returns the number of certificates found for X.509 tokens.
WARNING:
The presence of a certificate in a message does not mean it should be trusted. It is recommended that these values are not used for trust decisions.
${
<
target
>
.wss.certificates.value.X}}
Returns the value of each certificate found for X.509 tokens, with one context variable created for each count. For a complete list of the attributes available for each value, see Certificate Attributes Variables.
For example, if request.wss.certificates.count = 1, the following variable might be created:
request.wss.certificates.value.1.subject.dn = CN=MyUser,OU=MyGroup,DC=MyCompany,DC=com
${
<
target
>
.wss.signingcertificates.count}
 
Returns the number of certificates found for X.509 tokens that have been used in valid signatures.
WARNING:
The presence of a certificate in a message does not mean it should be trusted. It is recommended that these values are not used for trust decisions.
${
<
target
>
.wss.signingcertificates.value.X} 
Returns the value of each certificate found for X.509 tokens that have been used in valid signatures. For a complete list of the attributes available for each value, see Certificate Attributes Context Variables.
Note that the certificates contain credential information only when a credential source assertion has been executed in a policy (either Require WS-Security Signature Credentials Assertion).