CollapseAll image

Get the Credential Context used by the Active Profile

The following steps describe how to retrieve the credentials (client and root certificates) used in a profile to identify the user against the authenticating server.

1.  Retrieve the instance of IPS_IEEE8021xSettings, where the “InstanceID” key equals “Intel(r) AMT: 8021X Settings”.

2.  From the IPS_IEEE8021xSettings instance, traverse the IPS_8021xCredentialContext association class to find the instances of AMT_PublicKeyCertificate.

3.  For a Root Certificate look for an instance of AMT_PublicKeyCertificate where the “TrustedRootCertificate” field equals “true”.

4.  For a Client Certificate look for an instance of AMT_PublicKeyCertificate where the “TrustedRootCertificate” field equals “false”.

5.  Examine AMT_PublicKeyCertificate.ElementName, AMT_PublicKeyCertificate.X509Certificate, AMT_PublicKeyCertificate.Issuer, etc.

Click here for a snippet demonstrating this step

You can execute this snippet by inserting it into the execution template found here.

  

# Create a reference to IPS_IEEE8021xSettings instance.

$iee8021xSettingsRef =$wsmanConnectionObject.NewReference("SELECT * FROM IPS_IEEE8021xSettings WHERE InstanceID='Intel(r) AMT: 8021X Settings'")

$8021xCredentialContextRef =$wsmanConnectionObject.NewReference("IPS_8021xCredentialContext")

$8021xCredentialContextRef.AddSelector("ElementProvidingContext",$iee8021xSettingsRef)

# Traverse to the AMT_8021xCredentialContext instances that are connected to the AMT_8021XProfile.

foreach($8021xCredentialContextItem in$8021xCredentialContextRef.Enumerate("http://schemas.dmtf.org/wbem/wsman/1/wsman/SelectorFilter",$null))

{

    # For each instance, check if it is associated to the AMT_PublicKeyCertificate instance.

if($8021xCredentialContextItem.Object.GetProperty("ElementInContext").IsA("AMT_PublicKeyCertificate"))

    {

          # For root certificate:

 

          #Get the AMT_PublicKeyCertificate object using its EPR.

          $publicKeyCertificateInstance =$8021xCredentialContextItem.Object.GetProperty("ElementInContext").Ref.Get()

          if($publicKeyCertificateInstance.GetProperty("TrustedRootCertficate") -like "true")

          {

                $elementName =$publicKeyCertificateInstance.GetProperty("ElementName")

                $x509Certificate =$publicKeyCertificateInstance.GetProperty("X509Certificate")

                $issuer =$publicKeyCertificateInstance.GetProperty("Issuer")

          }

    }

}

 

 

Instance Diagram

Classes Used in This Flow

SDK Sample

Not applicable

 

Copyright © 2006-2022, Intel Corporation. All rights reserved.