The following steps describe how to retrieve the credentials (client and root certificates) used in a profile to identify the user against the authenticating server.
1. Retrieve the instance of IPS_IEEE8021xSettings, where the “InstanceID” key equals “Intel(r) AMT: 8021X Settings”.
2. From the IPS_IEEE8021xSettings instance, traverse the IPS_8021xCredentialContext association class to find the instances of AMT_PublicKeyCertificate.
3. For a Root Certificate look for an instance of AMT_PublicKeyCertificate where the “TrustedRootCertificate” field equals “true”.
4. For a Client Certificate look for an instance of AMT_PublicKeyCertificate where the “TrustedRootCertificate” field equals “false”.
5. Examine AMT_PublicKeyCertificate.ElementName, AMT_PublicKeyCertificate.X509Certificate, AMT_PublicKeyCertificate.Issuer, etc.
You can execute this snippet by inserting it into the execution template found here.
# Create a reference to the IPS_IEEE8021xSettings instance.
$iee8021xSettingsRef = $wsmanConnectionObject.NewReference("SELECT * FROM IPS_IEEE8021xSettings WHERE InstanceID='Intel(r) AMT: 8021X Settings'")
$8021xCredentialContextRef = $wsmanConnectionObject.NewReference("IPS_8021xCredentialContext")
$8021xCredentialContextRef.AddSelector("ElementProvidingContext", $iee8021xSettingsRef)
# Traverse the IPS_8021xCredentialContext instances associated with the IPS_IEEE8021xSettings instance.
foreach ($8021xCredentialContextItem in $8021xCredentialContextRef.Enumerate("http://schemas.dmtf.org/wbem/wsman/1/wsman/SelectorFilter", $null))
{
    # For each instance, check if it is associated to an AMT_PublicKeyCertificate instance.
    if ($8021xCredentialContextItem.Object.GetProperty("ElementInContext").IsA("AMT_PublicKeyCertificate"))
    {
        # Get the AMT_PublicKeyCertificate object using its EPR.
        $publicKeyCertificateInstance = $8021xCredentialContextItem.Object.GetProperty("ElementInContext").Ref.Get()
        # For the root certificate (compare against "false" instead for the client certificate).
        # The property name is spelled "TrustedRootCertficate" in the AMT schema; keep it as is.
        if ($publicKeyCertificateInstance.GetProperty("TrustedRootCertficate") -like "true")
        {
            $elementName = $publicKeyCertificateInstance.GetProperty("ElementName")
            $x509Certificate = $publicKeyCertificateInstance.GetProperty("X509Certificate")
            $issuer = $publicKeyCertificateInstance.GetProperty("Issuer")
        }
    }
}
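Step 5 taken one step further, as an added example that is not part of the Intel SDK snippet: it decodes the X509Certificate value and reports the subject, issuer, expiry and a SHA-256 fingerprint that can be compared with the certificate you expect to be provisioned for 802.1X. It assumes the property holds base64-encoded DER; the function name Get-AmtCertificateSummary, the WarnDays threshold and the self-signed sample certificate are constructed for illustration.

```powershell
# Added example, not Intel SDK code. Assumes X509Certificate is base64-encoded DER.
function Get-AmtCertificateSummary {
    param(
        [Parameter(Mandatory)] [string] $X509Certificate,       # value of AMT_PublicKeyCertificate.X509Certificate
        [Parameter(Mandatory)] [string] $TrustedRootCertficate, # "true" or "false", as read in the snippet above
        [int] $WarnDays = 30                                     # hypothetical expiry warning threshold
    )
    $der  = [Convert]::FromBase64String($X509Certificate)
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)
    $sha  = [System.Security.Cryptography.SHA256]::Create()
    $fingerprint = [BitConverter]::ToString($sha.ComputeHash($der)) -replace '-', ''
    $sha.Dispose()

    # Collect validity problems an operator would want to see before relying on the profile.
    $now = Get-Date
    $daysLeft = [int][math]::Floor(($cert.NotAfter - $now).TotalDays)
    $findings = @()
    if ($cert.NotBefore -gt $now)    { $findings += "not yet valid" }
    if ($daysLeft -lt 0)             { $findings += "expired" }
    elseif ($daysLeft -lt $WarnDays) { $findings += "expires in $daysLeft days" }

    [pscustomobject]@{
        Role     = if ($TrustedRootCertficate -like "true") { "Root" } else { "Client" }
        Subject  = $cert.Subject
        Issuer   = $cert.Issuer
        NotAfter = $cert.NotAfter
        Sha256   = $fingerprint
        Findings = $findings -join "; "
    }
}

# Constructed sample: a throwaway self-signed certificate standing in for the value read from AMT.
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    "CN=Constructed 8021X Root", $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$sample = $req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddDays(10))
$sampleB64 = [Convert]::ToBase64String($sample.RawData)

Get-AmtCertificateSummary -X509Certificate $sampleB64 -TrustedRootCertficate "true" | Format-List
```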
Instance Diagram
Classes Used in This Flow
SDK Sample
Not applicable
Copyright © 2006-2022, Intel Corporation. All rights reserved.