Convert UPN from X509 to sAMAcountName

Question

Hello,&nbsp;
I have this code to get UPN to a variable named session.logon.last.upn:&nbsp;
Code
set e_fields [split [mcget {session.ssl.cert.x509extension}] "
"];
foreach qq $e_fields {
if {[string first "othername:UPN" $qq] &gt;= 0} {
return [string range $qq [expr { [string first "&lt;" $qq] + 1 } ] [expr
{ [string first "&gt;" $qq] - 1 } ] ];
}
}
return ""

This works fine&nbsp;&nbsp;
Now, I need to query my AD/LDAP to convert the UPN to sAMAccountName.&nbsp;
i.e: if UPN is: 012345678@local &nbsp;
sAMAccountName will be: testuser@domain.local &nbsp;&nbsp;&nbsp;
How do I query the AD/LDAP and find the sAMAccountName based on the UPN?
&nbsp;&nbsp;
Thank you,&nbsp;
Noam.&nbsp;

niels_van_sluis · Answer

You can add an 'AD query' agent to the access policy and use the following SearchFilter and set SAMAccountName as a 'Required Attribute'. After that you can read the SAMAccountName from 'session.ad.last.attr.sAMAccountName'.
(userPrincipalName=%{session.logon.last.upn})

Forum Discussion

Convert UPN from X509 to sAMAcountName

1 Reply

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5 Networks F5CAB1 Exam - Need Help Regarding Prep

Username is not filled in EdgeClient in the Modern customization

The GSLB pool is providing an incorrect IP to end users

iRule causing requests to be duplicated (sometimes)

Cisco TACACS+ Config on ISE LTM Pair

Related Content

Alteon Config Converter

Converting TCL-Based iRules to Distributed Cloud Service Policies and L7 Routes

Unbreaking the Internet and Converting Protocols

BIG-IP Wide-IP to F5XC DNSLB converter

Convert curl command to BIG-IP Monitor Send String

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS