Forum Discussion

Nimbostratus

Dec 01, 2015

APM iRule Event

I need some assistance on why I get no value for the client certificate CN when running below iRule. The variable $user gets a value but $cn does not :-(. I have looked in /var/log/ltm and nothing. T...

BIG-IP Access Policy Manager (APM)

iRules

security

augustusk

Nimbostratus

Dec 03, 2015

I ensured that the client side ssl profile did "ignore" requests for client certificates. I then ensured the on-demand cert auth requested a client certificate which works (I see my machine presenting certificate). I then created another on-demand cert auth with a require option for client certificate. I then created the branch rules below on the second on-demand cert auth. The first works as expected but when trying to acquire subject, common name, issue, etc...this fails. I am stomped. Thanks Kris

expr { [mcget {session.ssl.cert.cn} ] contains "myName" }

this fails. Not finding common name and ensured case matched. I also tried ensuring lower case with [string tolower [mcget {session.ssl.cert.name}]]

expr { [mcget {session.ssl.cert.exist} ] == "0" }

this passes and allows access. Client cert exists

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)