Forum Discussion
APM: irule needed to extract Username from Client Cert to use it for AD group query
Hi community, i've recently took over the task to implement Big-IPs in projects and I'm quite comfortable with LTM Tasks, but now I have to solve an APM Problem.
Currently the customers mobile devices e.g. tablets are logging in via Edge-Client and after a Client Cert Check, they have to reenter their AD credentials for an AD Auth Check, which also are used for the AD Query to assign ressources based on AD groups.
Basicly they want to have the the AD Credential popup removed (yeah, also think it is not very sensibel). My idea to get the group mapping done was to use an iRule to extract the username from the Client Cert and put this into the AD Query.
However, since my skill in APM is very limited I don't know of any built-in method, which could handle this and hope someone can direct me in the right direction or providing an iRule which might get the job done.
Thanks in advance and hope being able to give solutions back anytime soon. :)
David
David Check out this link:
Also: check out this link on support.f5.com, it describes how the clientssl profile should be configured to require the client to submit its certificate:
In a nutshell,
HTH
- DFeike_160744Nimbostratus
Hi John,
thanks for the links. Will check them the next days once I have a scheduled remote session with the customer.
best regards
- John_Alam_45640Historic F5 Account
David Check out this link:
Also: check out this link on support.f5.com, it describes how the clientssl profile should be configured to require the client to submit its certificate:
In a nutshell,
HTH
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com