Forum Discussion

Nimbostratus

Dec 01, 2015

APM iRule Event

I need some assistance on why I get no value for the client certificate CN when running below iRule. The variable $user gets a value but $cn does not :-(. I have looked in /var/log/ltm and nothing. T...

BIG-IP Access Policy Manager (APM)

iRules

security

Lucas_Thompson_

Historic F5 Account

Dec 02, 2015

Also, set the clientssl profile certificate to request. APM has two different ways to do client certs: You can set the clientssl profile to request them, OR you can set the clientssl profile to not request them and use On-Demand cert authentication.

If you use on-demand, the certificate is requested via SSL renegotiation during Access Policy execution and the cert's properties are available as session variables automatically. This means that you don't really have to use irules at all (which is preferred for simplicity's sake), you can use branch rules in the VPE and send the user to a remediation page or whatever user-friendly error you want at the end of the Access Policy.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)