CollapseAll image

Get the Credential Context used by the Active Profile

The following steps describe how to retrieve the credentials (client and root certificates) used in a profile to identify the user against the authenticating server.

1.  Retrieve the instance of AMT_8021XProfile, where the “InstanceID” key equals “Intel(r) AMT 802.1x Profile 0”.

2.  From the AMT_8021XProfile instance, traverse the AMT_8021xCredentialContext association class to find the instance of AMT_PublicKeyCertificate.

3.  For a Root Certificate look for an instance of AMT_PublicKeyCertificate where the “TrustedRootCertificate” field equals “true”.

4.  For a Client Certificate look for an instance of AMT_PublicKeyCertificate where the “TrustedRootCertificate” field equals “false”.

5.  Examine AMT_PublicKeyCertificate.ElementName, AMT_PublicKeyCertificate.X509Certificate, AMT_PublicKeyCertificate.Issuer, etc.

Click here for a snippet demonstrating this step

You can execute this snippet by inserting it into the execution template found here.

  

# Create a reference to AMT_8021XProfile instance.

$8021XProfileRef =$wsmanConnectionObject.NewReference("SELECT * FROM AMT_8021XProfile WHERE InstanceID='Intel(r) AMT 802.1x Profile 0'")

$8021XProfileInstance =$8021XProfileRef.Get()

$8021xCredentialContextRef =$wsmanConnectionObject.NewReference("AMT_8021xCredentialContext")

$8021xCredentialContextRef.AddSelector("ElementProvidingContext",$8021XProfileRef)

# Traverse to the AMT_8021xCredentialContext instances that are connected to the AMT_8021XProfile.

foreach($8021xCredentialContextItem in$8021xCredentialContextRef.Enumerate("http://schemas.dmtf.org/wbem/wsman/1/wsman/SelectorFilter",$null))

{

    # For each instance, check if it is associated to the AMT_PublicKeyCertificate instance.

if($8021xCredentialContextItem.Object.GetProperty("ElementInContext").IsA("AMT_PublicKeyCertificate"))

    {

          # For root certificate:

          #Get the AMT_PublicKeyCertificate object using its EPR.

          $publicKeyCertificateInstance =$8021xCredentialContextItem.Object.GetProperty("ElementInContext").Ref.Get()

          if($publicKeyCertificateInstance.GetProperty("TrustedRootCertficate") -like "true")

          {

                $elementName =$publicKeyCertificateInstance.GetProperty("ElementName")

                $x509Certificate =$publicKeyCertificateInstance.GetProperty("X509Certificate")

                $issuer =$publicKeyCertificateInstance.GetProperty("Issuer")

          }

    }

}

 

 

Instance Diagram

Classes Used in This Flow

SDK Sample

Not applicable

 

Copyright © 2006-2022, Intel Corporation. All rights reserved.