Client Certificate Auth x509x3 parsing irule for APM

Can you explain exactly what is the subject format? does it contain some other characters than digits?

The regular expression provided by kevin will match every string with at least 10 digits.

set str "foo."
set str_end ".bar"
for {set i 1 } { $i<20} {incr i} {
append str [expr {int(rand()*10)}]
echo "result for string $str$str_end is [lindex {false true} [regexp {([0-9]{16}|[0-9]{10})} $str$str_end temppiv]]"
}
foo.
% .bar
% result for string foo.7.bar is false
result for string foo.71.bar is false
result for string foo.712.bar is false
result for string foo.7129.bar is false
result for string foo.71293.bar is false
result for string foo.712939.bar is false
result for string foo.7129391.bar is false
result for string foo.71293917.bar is false
result for string foo.712939174.bar is false
result for string foo.7129391740.bar is true
result for string foo.71293917401.bar is true
result for string foo.712939174010.bar is true
result for string foo.7129391740102.bar is true
result for string foo.71293917401029.bar is true
result for string foo.712939174010292.bar is true
result for string foo.7129391740102928.bar is true
result for string foo.71293917401029287.bar is true
result for string foo.712939174010292879.bar is true
result for string foo.7129391740102928792.bar is true

the result is the same as if you only check for a 10 digits string..

% set str "foo."
set str_end ".bar"
for {set i 1 } { $i<20} {incr i} {
append str [expr {int(rand()*10)}]
echo "result for string $str$str_end is [lindex {false true} [regexp {([0-9]{10})} $str$str_end temppiv]]"
}
foo.
% .bar
% result for string foo.4.bar is false
result for string foo.41.bar is false
result for string foo.419.bar is false
result for string foo.4199.bar is false
result for string foo.41991.bar is false
result for string foo.419918.bar is false
result for string foo.4199182.bar is false
result for string foo.41991829.bar is false
result for string foo.419918296.bar is false
result for string foo.4199182963.bar is true
result for string foo.41991829630.bar is true
result for string foo.419918296309.bar is true
result for string foo.4199182963098.bar is true
result for string foo.41991829630985.bar is true
result for string foo.419918296309854.bar is true
result for string foo.4199182963098543.bar is true
result for string foo.41991829630985439.bar is true
result for string foo.419918296309854391.bar is true
result for string foo.4199182963098543916.bar is true

You can check that there is no digit before and after the searched string

set str "foo."
set str_end ".bar"
for {set i 1 } { $i<20} {incr i} {
append str [expr {int(rand()*10)}]
echo "result for string $str$str_end is [lindex {false true} [regexp {^[^\d]*(\d{16}|\d{10})[^\d]*$} $str$str_end temppiv]]"
}foo.
% .bar
% 
result for string foo.4.bar is false
result for string foo.43.bar is false
result for string foo.430.bar is false
result for string foo.4304.bar is false
result for string foo.43048.bar is false
result for string foo.430483.bar is false
result for string foo.4304835.bar is false
result for string foo.43048355.bar is false
result for string foo.430483554.bar is false
result for string foo.4304835549.bar is true
result for string foo.43048355498.bar is false
result for string foo.430483554980.bar is false
result for string foo.4304835549809.bar is false
result for string foo.43048355498095.bar is false
result for string foo.430483554980954.bar is false
result for string foo.4304835549809545.bar is true
result for string foo.43048355498095452.bar is false
result for string foo.430483554980954520.bar is false
result for string foo.4304835549809545206.bar is false
% 

instead of the irule event, create a variable assign for variable session.custom.certupn with expression:

if {[regexp {^[^\d]*(\d{16}|\d{10})[^\d]*$} [mcget {session.ssl.cert.subject}] temppiv]] == 1} {
return [string range $temppiv 0 9]
} elseif { [mcget {session.ssl.cert.x509extension}] contains "othername:UPN<" } {
set extension [mcget {session.ssl.cert.x509extension}];
return [string range $extension [expr {[string first "othername:UPN<" $extension] +14}] [expr {[string last ">" $extension] -1}] ];
}