Extracting email from APM client ert

You could try a modification of this SOL for getting the username from the cert subject.

https://support.f5.com/kb/en-us/solutions/public/12000/100/sol12169extract

If you can post an example of the session.ssl.cert.subject and the full code of what you are doing then we have a better idea to help you fix it. Do you have this in an iRule or are you trying to accomplish this in the VPE?

Seth

To use regexp, may try the following in the variable assignment

regexp {([a-z0-9._%+-]+@[a-z0-9.-]+.[a-z]{2,4})} [ mcget {session.ssl.cert.subject}] matched a; return $a

Hi,

Im trying to extract the email address from cert in VPE, what does the matched a; return $a do as that seems to work, thanks

regexp {([a-z0-9._%+-]+@[a-z0-9.-]+.[a-z]{2,4})} [ mcget {session.ssl.cert.subject}] matched a; return $a

Basically it saves the first matched regex to variable 'a'. Then variable 'a' value, $a, is 'return'ed to the session variable assigned.

does anyone know what this will do?

session.ssl.cert.user

set f1 [mcget {session.ssl.cert.subject} ] set f2 [split $f1 "=" ] set f3 [lindex $f2 1] set f4 [split $f3 ","] set f5 [lindex $f4 0]

I have following value in subject with the client cert

Subject name OU = MULTI-ALLOWED OU = VPN-WEB CN = TEST@NGOPER

I have configured the following variables with APM

custom variable

session.ssl.cert.user

custom expression

set f1 [mcget {session.ssl.cert.subject} ] set f2 [split $f1 "=" ] set f3 [lindex $f2 1] set f4 [split $f3 ","] set f5 [lindex $f4 0]

I get following error

The error we’re getting is: “LDAP module: query with 'cn=MULTI-ALLOWED' failed: No such object, no matching users found”

Is there something wrong with my custom expression?