Forum Discussion

Nimbostratus

Dec 01, 2015

APM iRule Event

I need some assistance on why I get no value for the client certificate CN when running below iRule. The variable $user gets a value but $cn does not :-(. I have looked in /var/log/ltm and nothing. T...

BIG-IP Access Policy Manager (APM)

iRules

security

augustusk

Nimbostratus

May 09, 2016

Below is the iRule I have that should be setting a variable called session.custom.query_result. According to the value, the user will not be allowed access. I am trying to match the client certificate name to the logonname. Any help is appreciated. Best, Kris

when ACCESS_POLICY_AGENT_EVENT { if { [ACCESS::session data get session.ssl.cert.x509extension] contains "othername:UPN<" } { set uname [ACCESS::session data get [lindex [split [findstr [ACCESS::session data get session.ssl.cert.x509extension] "othername:UPN<" 14 ">"] "@"] 0]] set login [ACCESS::session data get "session.logon.last.username"] } if { $uname contains $login} { ACCESS::session data set session.custom.query_result 0 } else { ACCESS::session data set session.custom.query_result 1 }

}

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)