Certificate field to be compared with the Attribute. The allowed values and their meaning are:
"certificate-thumbprint" - The attribute is computed as the SHA-1 hash over the entire DER-encoded contents of the client certificate.
"common-name" - The attribute is extracted from the certificate's first instance of the Common Name attribute in the Subject DN.
"common-name-last" - The attribute is extracted from the certificate's last instance of the Common Name attribute in the Subject DN.
"subject-alternate-name-msupn" - The attribute is extracted from the certificate's Other Name type of the Subject Alternative Name and must have the msUPN signature.
"uid" - The attribute is extracted from the certificate's first instance of the User Identifier attribute in the Subject DN.
"uid-last" - The attribute is extracted from the certificate's last instance of the User Identifier attribute in the Subject DN.
"org-unit" - The attribute is extracted from the certificate's first instance of the Org Unit attribute in the Subject DN.
"org-unit-last" - The attribute is extracted from the certificate's last instance of the Org Unit attribute in the Subject DN.
"issuer" - The attribute is extracted from the certificate's Issuer DN.
"subject" - The attribute is extracted from the certificate's Subject DN.
"serial-number" - The attribute is extracted from the certificate's Serial Number.
"dns-name" - The attribute is extracted from the certificate's Subject Alt Name DNSName.
"ip-address" - The attribute is extracted from the certificate's Subject Alt Name IPAddress.
Certificate field to be compared with the Attribute. The allowed values and their meaning are: