How to configure smart card authentication on F5 IDP?

Configure an ssl client profile for the IDP virtual server. Under client authentication select request or require for Client Certificate. You also need an ssl server certificate for the URL of your IDP. You specify this under the ssl client profile under Certificate Key Chain. Apply the ssl client profile to the virtual server. You might also need to configure an OCSP profile and apply it to the virtual server and create a certificate bundle for the trusted certificate authorities. You should also have a decision box in your APM access policy that check the cert status and grants/denies access based on this.

Hi Eastman,

Thanks for your reply. I have created OCSP profile . But while creating this profile I have to select some certificate for the following fields.. Trusted Certificate Authorities and Advertised Certificate Authorities. I am really not sure what certificates i should select here. So i have selected the CA root certificate for Advertised Certificate Authorities, which i have uploaded to the certificate list and default certificate for Trusted Certificate Authorities. Could you please confirm If I am doing something wrong. If you can explain what exactly these fields need , it will be very helpful.

Thank you so much for your help.

Regards, Asma

Trusted Certificate Authorities is a certificate or a bundle of certificates that denote only the CA's that you will accept client certificates from. Any other certificates that are presented to the F5 are rejected, like self signed certs. Advertised certificate authorities are a list of CA's that are sent to the client so the client can respond with a certificate issued by one of the advertised CA's.