Forum Discussion

steven_normole's avatar
steven_normole
Icon for Cirrus rankCirrus
Mar 19, 2025

APM for banner and cert

I need to create an APM that will do the following present an advisory banner, request a certificate extract teh upn and send over to active directory send the user to the backends. Looking fo...
devops
FrontmanFin10's avatar
FrontmanFin10
Icon for Nimbostratus rankNimbostratus
Mar 21, 2025

You'll want the following APM objects in your policy:

 

1) Message Box: (for the advisory banner)

2) Client Cert Inspection: (note that in the LTM clientssl profile you will need to set the client authentication method to require. This will prompt the user to provide their cert at connection to the VS) Client SSL Authentication on BIG-IP as in-depth as it can go | DevCentral

3) I recommend an OCSP responder check here to verify the cert is valid but that is up to you..

4) To extract the the UPN from cert there's two ways to go about this. The following article should help: How to Extract the UPN from a Digital Certificate on a CAC card using F5 APM | DevCentral 

5) After that, you will need an LDAP Query object with the search filter utilizing the variable to which you assigned the extracted UPN. 

 

Hope this helps.