For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

jase_40648's avatar
jase_40648
Icon for Nimbostratus rankNimbostratus
May 12, 2009

Custom Certificate Checks

Hello. We are trying to do some custom checks for a protected configuration. Specifically, we want to verify that not only did the client give a valid certificate, but that their email address in th...
BIG-IP Access Policy Manager (APM)
remote access
security
jase_40648's avatar
jase_40648
Icon for Nimbostratus rankNimbostratus
May 18, 2009
Thanks for the suggestion. I had already tried creating some advanced session variables, and using those too, but I was not successful. I just tried it again too, but still can't get it to work. I created the following session variables:

 

myemail: session.user.username+"@COMPANY.com"

 

certuser: REGEX(session.ssl.cert.email, "|(.*)@COMPANY.com|")

 

Testing both variables using the Save and Test button give proper output. Then I created a custom check for a protected configuration. Specifically, I did the custom check in the Information Leaks section. I've tried various combinations of the following:

 

session.ssl.cert.email == "%session.asv.myemail%"

 

session.ssl.cert.email == %session.asv.myemail%

 

session.user.username == "%session.avs.certuser%"

 

session.user.username == %session.avs.certuser%

 

But none of those work. I always get a System Warning, and don't get access to the protected resource. If I remove the custom check, I can get access.

 

I think either I must be doing something wrong, or this simply is not supported. Any ideas? Thanks in advance!