Forum Discussion
F5 CAC usage question
Hello DevCentral,
I am experiencing an F5 iRule stripping special characters in the userid when using CAC authentication.
Here is what is in my iRule:

    when HTTP_REQUEST {
        # Check to see if the proxy has inserted the client certificate into the HTTP headers
        if { [HTTP::header exists Client-Cert] } {
            # Parse the client certificate and insert only the CN name
            set pkiid [findstr [HTTP::header Client-Cert] CN%3D 5 &]
            HTTP::header insert PKI-ID $pkiid
            # Log the header that was inserted
            log local0. "Header is : [HTTP::header PKI-ID]"
        }
    }

The CN%3D 5 & is my question, to allow spaces, hyphens, and special characters like '
3 Replies
- Kevin_Stewart
Employee
I think it depends on what the cert header looks like, but assuming the (encoded) CN is part of a larger DN, perhaps something like this:

    set pkiid [findstr [URI::decode [HTTP::header Client-Cert]] "CN=" 3 ","]

Where the comma generally delimits RDN values within the DN. This should catch everything between "CN=" and the comma, regardless of special characters.
Otherwise can you give an example of the cert header?
- Dan_01_131510
Nimbostratus
Hi Kevin,
Thank you for the quick response. My question is, can I use the findstr:

    set pkiid [findstr [HTTP::header Client-Cert] CN%3D 5 &]

like this?

    set pkiid [findstr [HTTP::header Client-Cert] "CN=" 3 ","]

Thanks,
Dan
- Kevin_Stewart
Employee
What I assume you're saying with this statement:

    set pkiid [findstr [HTTP::header Client-Cert] CN%3D 5 &]

is to find the literal string "CN%3D", skip 5 characters, and grab everything up to the next ampersand sign. Whether this works or not depends on what the header looks like to begin with. Are the RDN values separated by ampersands? Commas? How is the Client-Cert header encoded? Can you give an example of the Client-Cert header?
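
An added example, not part of the original thread and not F5's or either poster's own code: the original iRule reworked along the lines of the two replies above, decoding the header before searching so the CN keeps its spaces, hyphens and apostrophes. It assumes the Client-Cert header carries a URL-encoded DN with comma-separated RDNs and that the backend trusts PKI-ID as the user identity; clearing any inbound PKI-ID and the control-character check are additions made on that assumption.

```tcl
when HTTP_REQUEST {
    # Assumption: the backend treats PKI-ID as the authenticated identity,
    # so drop any copy sent by the client; only this iRule may set it.
    HTTP::header remove PKI-ID

    if { [HTTP::header exists Client-Cert] } {
        # Decode %XX escapes first: "CN%3D" becomes "CN=", and encoded
        # spaces, hyphens and apostrophes become literal characters.
        set dn [URI::decode [HTTP::header Client-Cert]]

        # Find "CN=", skip those 3 characters, and return everything
        # up to the next comma (the delimiter between RDN values).
        set pkiid [findstr $dn "CN=" 3 ","]

        # Decoding can also produce CR/LF or other control characters;
        # refuse to copy such a value into a header.
        if { $pkiid eq "" || [regexp {[[:cntrl:]]} $pkiid] } {
            log local0. "Client-Cert present but no usable CN found"
        } else {
            HTTP::header insert PKI-ID $pkiid
            log local0. "Header is : [HTTP::header PKI-ID]"
        }
    }
}
```

A CN that itself contains an escaped comma would be cut short at that comma, so check a sample Client-Cert header from the proxy before relying on the comma terminator.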