From 2042b28edb70471922dc8c2fb49a94c3fae4bed0 Mon Sep 17 00:00:00 2001 From: Jake Landis Date: Fri, 5 Jan 2024 16:22:11 -0600 Subject: [PATCH] review update --- .../security/authentication/configuring-pki-realm.asciidoc | 2 +- docs/reference/settings/security-settings.asciidoc | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/reference/security/authentication/configuring-pki-realm.asciidoc b/docs/reference/security/authentication/configuring-pki-realm.asciidoc index 499113989be14..428e6f73fb239 100644 --- a/docs/reference/security/authentication/configuring-pki-realm.asciidoc +++ b/docs/reference/security/authentication/configuring-pki-realm.asciidoc @@ -37,7 +37,7 @@ realms you specify are used for authentication. If you also want to use the -- -. Optional: The username (as defined by the username_pattern) is used for auditing and logging. +. Optional: The username is defined by the <>. If you want to use something other than the CN of the Subject DN as the username, you can specify a regex to extract the desired username. The regex is applied on the Subject DN. diff --git a/docs/reference/settings/security-settings.asciidoc b/docs/reference/settings/security-settings.asciidoc index 494dc428a295b..6a60a8a6703fe 100644 --- a/docs/reference/settings/security-settings.asciidoc +++ b/docs/reference/settings/security-settings.asciidoc @@ -1015,7 +1015,8 @@ the following settings: `username_pattern`:: (<>) The regular expression pattern used to extract the username from the -certificate DN. The username is used for auditing and logging (not role mapping). +certificate DN. The username is used for auditing and logging. The username can also be used +with the <> and <>. The first match group is the used as the username. Defaults to `CN=(.*?)(?:,|$)`.