APM on demand cert auth using attribute to map different resource group

Question

Hi F5 buddy,&nbsp;
I currently setup APM using on demand cert auth without LDAP query, I need to use the cert attribute to map different resource group. &nbsp;
The ideal solution is as below:&nbsp;
Cert attribute: CN=AAA, O=F5, O=APM will be map to VPE resource A
Cert attribute: CN=BBB, O=F5, O=APM will be map to VPE resource B
.
.
.
.
etc&nbsp;
The problem is that how I can precisely extract the username "AAA" or "BBB" in VPE to map the resource group?&nbsp;
Many thanks,&nbsp;
Angus&nbsp;

daniel_varela · Answer

Have a look to the APM operations guide, there is an example similar of what you need to do:
https://support.f5.com/content/kb/en-us/products/big-ip_apm/manuals/product/f5-apm-operations-guide/_jcr_content/pdfAttach/download/file.res/f5-apm-operations-guide.pdf page 108.&nbsp;
You can extract the value of session.ssl.cert.cn and then apply the resources based on the logic you want.&nbsp;

stanislas_piro2 · Answer

Look at this code to extract CN from subject. You can then create a condition based on this result&nbsp;

cawong23_136311 · Answer

Thanks all guys, I have done it successfully.&nbsp;

Forum Discussion

APM on demand cert auth using attribute to map different resource group

Recent Discussions

AS3 Limitations

Unable to install firmware OS and drop at 10%

Statistics ›› Analytics : HTTP : Overview

How to Renew F5 Device Certificate

F5 ASM CEF Sending Logs in Specific TimeZone

Related Content

DevCentral Resources

OWASP Resources for Security Education and Training

F5 Resources for COVID-19

Add SameSite attribute to APM Cookies

BIG-IP Terraform Resources

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS