StarterSTS Documentation

Client certificate configuration (userMappings.config)

This configuration file allows to map an X509 certificate thumbprint to a registered user. This information is used to client certificate authentication (when enabled).

Here's an example of userMappings.config:

<userMappings xmlns="http://www.thinktecture.com/configuration/usermappings">
  <users>
    <!-- associates user dominick with the below certificate -->
    <user name="dominick">
      <mappings>
        <mapping type="X509"
                 value="a4 3c f6 95 db ff 22 17 98 0e e7 5c 97 84 27 26 f9 6b c7 d3" />
      </mappings>
    </user>
  </users>
</userMappings>

Configuration settings

• user@[name]
  Specifies the name of the existing user you want to assign a client certificate to.
• user/mappings/mapping@[type]
  The type attribute must be set to X509.
• user/mappings/mapping@[value]
  Specifies the thumbprint of the client certificate you want to map to.

Identity delegation configuration (userMappings.config)

Furthermore you can also configure identity delegation using the user mappings. In this case specify ActAs as the mapping type and the endpoint address as the value.

<userMappings xmlns="http://www.thinktecture.com/configuration/usermappings">
  <users>
    <!-- allows user dominick to delegate identity to the specified service(s) -->
    <user name="dominick">
      <mappings>
        <mapping type="ActAs"
                 value="https://server/service.svc" />
      </mappings>
    </user>
  </users>
</userMappings>