Forum Discussion
client authentication/user authentication certificates
Hello team,
We have 6 external users/vendors using a single VIP to access the application, as shown below, and we are using client SSL authentication. Can we do any user-based validation and allow the connection? As per the below configuration, if they interchange the certificate or share the certificate, they can use the application.
user1 > https://secure1.mydomain.com
user2 > https://secure1.mydomain.com
user3 > https://secure1.mydomain.com
user4 > https://secure1.mydomain.com
Please suggest me how to proceed.
4 Replies
- Any idea guys?
- Josiah_39459 (Historic F5 Account)
Yes, you can. All the information from the client cert authentication is stored in session variables (you can verify this in the reports in the GUI or the 'sessiondump' command via the CLI). Then you can use those session variables in the Advanced Resource Assign to assign different ACLs to different users.
- We have only the LTM module at present.
- Josiah_39459 (Historic F5 Account)
Then you'll want to use an iRule. Take a look at the examples in CLIENTSSL_CLIENTCERT: https://clouddocs.f5.com/api/irules/CLIENTSSL_CLIENTCERT.html
However, if you really need to block URLs for security reasons, you will want to consider more than just an iRule, some real security solution.
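
One way the iRule approach suggested above could look on an LTM-only system, as an added example that is not from the thread or from F5's documentation. It assumes each vendor connects from a known source address, so a certificate can be pinned to that address; the data group name `vendor_cert_src` and that pinning policy are hypothetical.

```tcl
# Added example. Assumption: each vendor certificate is pinned to one source
# address or network, held in a hypothetical string data group:
#   vendor_cert_src   key   = certificate subject DN exactly as X509::subject returns it
#                     value = allowed source, e.g. 203.0.113.10 or 203.0.113.0/24
when CLIENTSSL_CLIENTCERT {
    set client_ip [IP::client_addr]

    # No certificate presented: drop the connection.
    if { [SSL::cert count] == 0 } {
        log local0.warning "no client cert from $client_ip"
        reject
        return
    }

    # Certificate failed validation against the client SSL profile's trusted CAs.
    if { [SSL::verify_result] != 0 } {
        set reason [X509::verify_cert_error_string [SSL::verify_result]]
        log local0.warning "client cert invalid ($reason) from $client_ip"
        reject
        return
    }

    set subject [X509::subject [SSL::cert 0]]

    # Unknown subject: a valid certificate that is not one of the enrolled vendors.
    set allowed_src [class lookup $subject vendor_cert_src]
    if { $allowed_src eq "" } {
        log local0.warning "unlisted cert subject '$subject' from $client_ip"
        reject
        return
    }

    # Known subject presented from a different source: the certificate was
    # shared or swapped between vendors, so refuse it and leave an audit trail.
    if { not [IP::addr $client_ip equals $allowed_src] } {
        log local0.warning "cert '$subject' used from $client_ip, expected $allowed_src"
        reject
        return
    }
}
```

Log one connection per vendor first and copy the subject string from the log into the data group, since the key must match the DN format exactly. A resumed TLS session does not re-send the certificate, so test the virtual server's behaviour with session resumption before relying on this check.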