Forum Discussion

Rysheen_312712's avatar
Rysheen_312712
Icon for Nimbostratus rankNimbostratus
Mar 06, 2017

F5 Authentication with web application using CAC

Currently using F5 Authentication via CAC with a web application. Our Web applications authentication is via EDIPI number so we have to create account within the application based on that. What can w...
application delivery
devops
Secure Web Gateway
Nicholas_P__308's avatar
Nicholas_P__308
Icon for Cirrus rankCirrus
Mar 06, 2017

We use a similar method, in the string to query you should have something like following:

an EXTRACTEDIPI iRULE

an Access Policy to call the event

and within the access policy a custom search string .. (orclsecondaryuid=%{session.custom.edipi})

The iRULE will looking something like this ..

    set EDIPI [string range [findstr [ACCESS::session data get session.ssl.cert.subject] "CN=" 3 ","] [expr [string last "." [findstr [ACCESS::session data get session.ssl.cert.subject] "CN=" 3 ","]] + 1] end]
    if { [string tolower $EDIPI] equals "blahblah" }  {
      set EDIPI [findstr [ACCESS::session data get session.ssl.cert.subject] "CN=" 3 "."]

      The CN = 3 is the important part, this is how many spaces from the period "." it will search for the requested information. You would set this to the email portion