For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Robert_Decker_2's avatar
Robert_Decker_2
Icon for Nimbostratus rankNimbostratus
Feb 01, 2006

Authenticate customer using SSL client certificate or LDAP

I was wondering if anyone could show me how to perform multiple methods of authentication within an Irule. I would like to use ssl authentication against a client certificate as the first method, how...
application delivery
dev
devops
iRules
Joe_Pruitt's avatar
Joe_Pruitt
Feb 06, 2006
Not sure if this is what Colin was getting at or not, but you could assign multiple rules to a vip and pass variables between them. This way you can "simulate" calling multiple iRules using conditions.

 

 

Here's some pseudo code for the three iRules.

 

 

**** rule check_for_client_cert ****
when CLIENTSSL_CLIENTCERT {
  set has_client_cert 1
}
**** rule client_cert_rule ****
when HTTP_REQUEST {
  if { [info exists has_client_cert] } {
     code goes here
  }
}
**** rule ldap_rule ****
when HTTP_REQUEST {
  if { ! [info exists has_client_cert] } {
     code goes here.
  }
}

 

 

In this code, if the CLIENTSSL_CLIENTCERT event is raises, then the variable has_client_cert is set. Then in the HTTP_REQUEST events, you can check whether the variable has been set. The "info exists" command is a builtin TCL command to check whether a variable has been defined.

 

 

Hope this helps...

 

 

-Joe