
Forum Discussion

Jonathan_D_Bear
Aug 17, 2015

iRule Client Authentication request.

Hello all.

 

Currently I have an application that requires client authentication via a certificate. For the most part it is working so far, but I am having one issue with the request for a certificate.

 

Here is what I have so far.

 

Within the Client SSL Profile, I enabled the "Client Certificate: Request" option. This appears to be working perfectly when initially hitting the site. However, if the client's PIV/smartcard card is not inserted before they go to the site, we have it set to still allow the client to proceed. What I would like to do is force that request for client authentication again, much like the initial request that comes from the F5 Client SSL profile. I have messed with several iRules and none of them appear to work. Below is an example.

 

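when HTTP_REQUEST {
    if { [HTTP::uri] starts_with "/protected/" } {
        log local0. "Protected URI requested: [HTTP::uri]"
        if { [SSL::cert count] <= 0 } {
            # Hold the HTTP request while the SSL renegotiation takes place
            HTTP::collect
            # Require a client certificate and renegotiate the SSL session
            SSL::authenticate always
            SSL::authenticate depth 9
            SSL::cert mode require
            SSL::renegotiate
        }
    }
}

when CLIENTSSL_CLIENTCERT {
    # Release the HTTP request held in HTTP_REQUEST
    HTTP::release
    # Reject the connection if no certificate was presented
    if { [SSL::cert count] < 1 } {
        log local0. "No Certificate Provided"
        reject
    }
}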

I know the above code only initiates when /protected/ is in the URI; however, it never prompts me for the Cert.

 

Any and all assistance would be greatly appreciated!

 
