APM Session Variable Not Being Cached
F5 Big-IP LTM 11.4.1 HF7, APM
The objective was to create an access policy that inspects client certificates for a specific certificate and grants access to resources based on that inspection.
I created an access policy that consisted of:
* ClientOS rule - to ensure only iOS, Windows and MacOS devices are granted access
* Client Inspection rule - to ensure the device is presenting an approved certificate
* Logging rule - to log the client certificate Common Name value presented
* Message Box rule - to show the end user the client certificate Common Name value presented
Because the default Client Inspection rule only checks whether the client certificate is 'valid', I updated the expression syntax to read:
expr { [mcget {session.ssl.cert.cn}] == "clientcertcommonname" }
There is no issue with the ClientOS rule; however, the Client Inspection rule fails. Additionally, the Logging and Message Box rules do not show the client certificate Common Name value.
The Logging rule expression syntax is: Your session client cert Common Name is %{session.ssl.cert.cn}.
The Message Box rule expression syntax is: Your session client cert Common Name is %{session.ssl.cert.cn}.
I believe the issue is that the session variable session.ssl.cert.cn is not capturing the client certificate Common Name value, but I don't know why.
Any suggestions/recommendations will be appreciated. Thanks.