Insert client certificate into APM session variable via IRule

Question

Hello!
First time poster longtime reader. 
I´m trying to extract the Subject value from a client certificate and insert the value in to a APM session variable but with no luck. 
The Irule in question looks like this
when CLIENTSSL_CLIENTCERT {
log local0. "Subject: [X509::subject [SSL::cert 0]]"
  if {[SSL::cert count] &gt; 0}{
    set client_cert [SSL::cert 0]
    set subject [findstr [X509::subject [SSL::cert 0]] "CN=" 3 ","]
    ACCESS::session data set session.client.unique_id $subject
    log local0. "Current ID = $subject"
  }
}   
when ACCESS_POLICY_COMPLETED {
   set subject [ACCESS::session data get session.client.unique_id]
}

I´m able to see the subject" variable in /var/log

When I´m executing the Access Policy, the session.client.unique_id variable are not populated with the  subject" variable from the Irule.

My VPE looks like this,

Thanks in advance!
//Mikael,

jad_tabbara__j1 · Answer

Hello Squeak, 
Have you added the event "Access_Policy_Agent_Event" to set your variable ? 
when ACCESS_POLICY_AGENT_EVENT {

if { [ACCESS::policy agent_id] eq "id_of_your_irule_event" } {
 ACCESS::session data set session.client.unique_id $subject
 log local0. "Verifying the value of unique_id ===&gt; [ACCESS::session data get session.client.unique_id]"
}

}

Forum Discussion

Insert client certificate into APM session variable via IRule

Recent Discussions

How to implement LTM forward proxy client to determine the diversion pool based on the domain name

FTP PASV mode to Extended Passive mode

Oracle JDBC SSL Termination failing on F5

APM for banner and cert

An Irule for Client Ssl Profile that Allows Unassigned TLS Extension Values (17516)

Related Content

APM Session Variable Logging

APM variable assign examples

Help F5 Transform the BIG-IP Administrator Certification

iRules variables in BIG-IP Next: behavior change

Re: Management Certificate

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS