Forum Discussion
DFeike_160744
Nimbostratus
Aug 10, 2014
APM: irule needed to extract Username from Client Cert to use it for AD group query
Hi community,
I've recently taken over the task of implementing Big-IPs in projects and I'm quite comfortable with LTM tasks, but now I have to solve an APM problem.
Currently the customers mobile d...
John_Alam_45640
Aug 10, 2014
Historic F5 Account
David, check out this link:
https://devcentral.f5.com/questions/apm-clientcert-to-kerberos-transition-parsing-subjectalternatename-in-variable-assign
Also, check out this link on support.f5.com; it describes how the clientssl profile should be configured to require the client to submit its certificate:
http://support.f5.com/kb/en-us/solutions/public/14000/800/sol14819.html?sr=39485541
In a nutshell,
1) the LTM profile obtains the certificate from the client,
2) LTM iRule parses the cert fields and saves the username in a variable that the APM can access.
3) APM policy sends it to AD and performs the query.
HTH
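The three steps above as an iRule sketch. This is an added example, not code from the thread or from F5. It assumes the username is the certificate's subject CN (the question does not say which field holds it) and that the AD Query item in the access policy reads `session.logon.last.username`. It also checks that the certificate verified and restricts the characters accepted, since the value ends up in a directory search filter.

```tcl
# Added example: assumes the username is the subject CN and that the
# AD Query item uses session.logon.last.username.
when CLIENTSSL_CLIENTCERT {
    # Step 1: the clientssl profile has requested/required a client cert.
    unset -nocomplain cert_user
    # Only trust fields from a certificate that passed chain verification.
    if { [SSL::cert count] > 0 && [SSL::verify_result] == 0 } {
        # Step 2: parse the subject DN of the leaf certificate.
        set subject [X509::subject [SSL::cert 0]]
        # The DN separator can be "," or "/" depending on the version.
        if { [regexp -nocase {CN=([^,/]+)} $subject -> cn] } {
            set cn [string trim $cn]
            # Allowlist the characters: the value is later placed in an
            # LDAP/AD search filter, so reject anything unexpected.
            if { [regexp {^[A-Za-z0-9._-]{1,64}$} $cn] } {
                set cert_user $cn
            } else {
                log local0.warning "Client cert CN rejected: unexpected characters"
            }
        }
    } else {
        log local0.warning "No verified client certificate presented"
    }
}

when ACCESS_SESSION_STARTED {
    # Step 3: hand the username to APM; the AD Query item then uses it.
    if { [info exists cert_user] } {
        ACCESS::session data set session.logon.last.username $cert_user
    }
    # If cert_user is unset, the variable stays empty and the policy
    # should end in a deny branch rather than query AD.
}
```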