Below is the iRule I have that should be setting a variable called session.custom.query_result. According to the value, the user will not be allowed access. I am trying to match the client certificate name to the logonname. Any help is appreciated.
Best,
Kris
when ACCESS_POLICY_AGENT_EVENT
{
if { [ACCESS::session data get session.ssl.cert.x509extension] contains "othername:UPN<" }
{
set uname [ACCESS::session data get [lindex [split [findstr [ACCESS::session data get session.ssl.cert.x509extension] "othername:UPN<" 14 ">"] "@"] 0]]
set login [ACCESS::session data get "session.logon.last.username"]
}
if { $uname contains $login}
{
ACCESS::session data set session.custom.query_result 0
}
else
{
ACCESS::session data set session.custom.query_result 1
}
}