Forum Discussion
getting errors while using "on demand certificate authentication with ad query"
I will respond to the comment in an answer so I can get proper formatting to see the config. After connecting to my APM with an On-Demand Certificate I looked at a sessiondump for the session and noticed that session.ssl.cert.subject was the variable that has the user details (CN=Administrator,CN=Users,DC=fr,DC=del,DC=corp) listed.
I then looked in an LDAP browser to see exactly which search field that mapped to, which in my case was distinguishedName.
I then updated the AD Query filter to have distinguishedName=%{session.ssl.cert.subject}.
This sends a request to AD that matches the subject on the certificate. After this is done you should see you have all the AD attributes populated and then can make rules based on that data.
If you still want to query on the sAMAccountName then you will have to do some string manipulation to get just Administrator out of the subject string.
Hope this helps.
-Seth
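The string manipulation mentioned in the answer above, as an added example that is not part of the original post and is not APM expression syntax: a Python sketch that pulls the leftmost CN out of a certificate subject and builds a sAMAccountName filter from it. The function names are hypothetical, and it assumes the leftmost CN equals the account's sAMAccountName, as with the Administrator subject quoted in the post; it also escapes the value before it goes into the filter, since the subject comes from the client certificate.

```python
import re

# Constructed sample: the subject string quoted in the post above.
SAMPLE_SUBJECT = "CN=Administrator,CN=Users,DC=fr,DC=del,DC=corp"

def split_rdns(dn):
    """Split a DN on unescaped commas, keeping backslash escapes intact."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])  # keep the escape pair together
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(dn[i])
        i += 1
    parts.append("".join(buf).strip())
    return parts

def unescape_value(value):
    """Undo DN escaping: \\XX hex pairs and backslash + special character."""
    out, i = bytearray(), 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            pair = value[i + 1:i + 3]
            if re.fullmatch(r"[0-9A-Fa-f]{2}", pair):
                out.append(int(pair, 16))
                i += 3
            else:
                out += value[i + 1].encode()
                i += 2
        else:
            out += value[i].encode()
            i += 1
    return out.decode("utf-8")

def leaf_cn(subject):
    """Return the value of the leftmost RDN, which must be a CN."""
    attr, sep, value = split_rdns(subject)[0].partition("=")
    if not sep or attr.strip().upper() != "CN" or not value.strip():
        raise ValueError("leftmost RDN is not a CN")
    return unescape_value(value.strip())

def escape_filter_value(value):
    """Escape LDAP filter metacharacters (backslash, *, parentheses, NUL)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def sam_filter(subject):
    """Build the sAMAccountName filter from the certificate subject."""
    return "(sAMAccountName=%s)" % escape_filter_value(leaf_cn(subject))
```

A subject whose leftmost RDN is not a CN raises ValueError, so the lookup fails closed instead of querying with a guessed value.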