Forum Discussion
Irule client certificate check against ldap value
- Aug 04, 2017
Thank you Morten for your reply. It helped me a bit.
I have adapted my iRule like this:
when ACCESS_POLICY_AGENT_EVENT {
if { [ACCESS::policy agent_id] eq "userCertEmail" } {
log "userCertEmail matched" set cert [SSL::cert 0] set ssl_subject_dn [X509::subject [SSL::cert 0]] set ssl_email [findstr $ssl_subject_dn "emailAddress=" 13 ","] ACCESS::session data set session.ssl.email "$ssl_email" log "Email is $ssl_email"
} }
In my Access Policy, I have added an LDAP Query rule like this:
&(userPrincipalName=%{session.ssl.email})(sAMAccountName=%{session.logon.last.username}))
Thank you Morten for your reply. It helped me a bit.
I have adapted my iRule like this:
when ACCESS_POLICY_AGENT_EVENT {
if { [ACCESS::policy agent_id] eq "userCertEmail" } {
log "userCertEmail matched"
set cert [SSL::cert 0]
set ssl_subject_dn [X509::subject [SSL::cert 0]]
set ssl_email [findstr $ssl_subject_dn "emailAddress=" 13 ","]
ACCESS::session data set session.ssl.email "$ssl_email"
log "Email is $ssl_email"
} }
In my Access Policy, I have added an LDAP Query rule like this:
&(userPrincipalName=%{session.ssl.email})(sAMAccountName=%{session.logon.last.username}))
Glad to be of help :-)
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com