Forum Discussion
iRule Client Authentication request.
Hello all.
Currently I have an application that requires client authentication via a certificate. For the most part it is working so far, but I am having one issue with the request for a certificate.
Here is what I have so far.
Within the Client SSL Profile, I enabled the "Client Certificate: Request" option. This appears to be working perfectly when initially hitting the site. However, if the client's PIV/smartcard card is not inserted before they go to the site we have it set to still allow the client to proceed. What I would like to do is force that request for client authentication again, much like the initial request that comes from the F5 Client SSL profile. I have messed with several iRules and none of them appear to work. Below is an example.
when HTTP_REQUEST {
    if { [HTTP::uri] starts_with "/protected/" } {
        log local0. "Protected URI requested: [HTTP::uri]"
        # No client certificate has been presented on this connection
        if { [SSL::cert count] <= 0 } {
            # Hold the HTTP request while the handshake is redone
            HTTP::collect
            SSL::authenticate always
            SSL::authenticate depth 9
            SSL::cert mode require
            SSL::renegotiate
        }
    }
}
when CLIENTSSL_CLIENTCERT {
    # Let the held request continue
    HTTP::release
    if { [SSL::cert count] < 1 } {
        log local0. "No Certificate Provided"
        reject
    }
}

I know the above code only initiates when /protected/ is in the URI, however it never prompts me for the Cert.
Any and all assistance would be greatly appreciated!