For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Rysheen_312712's avatar
Rysheen_312712
Icon for Nimbostratus rankNimbostratus
Mar 06, 2017

F5 Authentication with web application using CAC

Currently using F5 Authentication via CAC with a web application. Our Web applications authentication is via EDIPI number so we have to create account within the application based on that. What can we do to change from EDIPI to include email address.

 

application delivery
devops
Secure Web Gateway

1 Reply

  • Nicholas_P__308's avatar
    Nicholas_P__308
    Icon for Cirrus rankCirrus
    Mar 06, 2017

    We use a similar method, in the string to query you should have something like following:

    an EXTRACTEDIPI iRULE

    an Access Policy to call the event

    and within the access policy a custom search string .. (orclsecondaryuid=%{session.custom.edipi})

    The iRULE will looking something like this ..

        set EDIPI [string range [findstr [ACCESS::session data get session.ssl.cert.subject] "CN=" 3 ","] [expr [string last "." [findstr [ACCESS::session data get session.ssl.cert.subject] "CN=" 3 ","]] + 1] end]
    if { [string tolower $EDIPI] equals "blahblah" }  {
      set EDIPI [findstr [ACCESS::session data get session.ssl.cert.subject] "CN=" 3 "."]

      The CN = 3 is the important part, this is how many spaces from the period "." it will search for the requested information. You would set this to the email portion