Forum Discussion

Mike_Harpe_6170's avatar
Mike_Harpe_6170
Icon for Nimbostratus rankNimbostratus
Jan 31, 2012

DoD CAC authentication using IIS through LTM

I am working with developers and SA people to get an app that uses IIS authentication with LTM.     Basic setup is a virtual server on 443 with a cert on the front end, two servers on the back e...
app sec
BIG-IP Access Policy Manager (APM)
security
Mike_Maher's avatar
Mike_Maher
Icon for Nimbostratus rankNimbostratus
Feb 01, 2012
Mike,

 

So basically you want to be able to pass a certificate from a client through the LTM to one of the servers on the back side is what I am hearing.

 

 

You are going to need to use an iRule for this and put the information into the Header for the server to read. I am doing something like this with one of our applications that runs through an ASM. Your issue is that the connection is proxied and the client certificate is not being passed from the client side of the connection to the server side of the connection.

 

 

One other thing you could do is just do the client cert auth on the LTM itself through the Client SSL profile. Again you will need an iRule if you want to check for certain CNs but it is a pretty simple iRule I am also using this logic for a couple applications I run. See reference below.

 

 

http://devcentral.f5.com/wiki/iRules.ClientCertificateCNChecking.ashx