Forum Discussion
AltostratusAPM on demand cert auth using attribute to map different resource group
Hi F5 buddy,
I currently setup APM using on demand cert auth without LDAP query, I need to use the cert attribute to map different resource group.
The ideal solution is as below:
Cert attribute: CN=AAA, O=F5, O=APM will be map to VPE resource A Cert attribute: CN=BBB, O=F5, O=APM will be map to VPE resource B . . . . etc
The problem is that how I can precisely extract the username "AAA" or "BBB" in VPE to map the resource group?
Many thanks,
Angus
3 Replies
Daniel_VarelaEmployee
Have a look to the APM operations guide, there is an example similar of what you need to do: https://support.f5.com/content/kb/en-us/products/big-ip_apm/manuals/product/f5-apm-operations-guide/_jcr_content/pdfAttach/download/file.res/f5-apm-operations-guide.pdf page 108.
You can extract the value of session.ssl.cert.cn and then apply the resources based on the logic you want.
Stanislas_Piro2Cumulonimbus
Look at this code to extract CN from subject. You can then create a condition based on this result
cawong23_136311Thanks all guys, I have done it successfully.
