Forum Discussion
Need to write an iRule to decode auth string to Base64 and fetch the domain name from it and compare that domain name with the certificate to deny/permit traffic
Hi Stanisals,
Thanks for the response. Below is the situation.
TLS negotiation has been successful between F5 acting as server and any UC system acting as client. The stream is initiated from the UC system. During TLS negotiation, F5 first sent the "server hello" and "server certificate" in response to the "client hello" from the UC system, and also requested the "client certificate". The client will now share its own certificate and the server will authorize it via the client cert root. This client certificate (negotiated during TLS) will then be used by F5 to send the SUCCESS or FAILURE (after comparing the client domain name from the client certificate).
When the server sends the SUCCESS in response to the AUTH from the client, the server will check the encoded client domain name received in the AUTH against the client's certificate shared at the time of TLS negotiation. Please find the link below: http://xmpp.org/extensions/xep-0178.html So the client domain name (the decoded one received in the AUTH) will be checked against the certificate shared by the client during TLS negotiation, for that session only.
Please share whether it is possible to compare the domain from the certificate with the Auth stream.
/Regards Amit Grover
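
The check described in the post above (decode the Base64 identity carried in the SASL EXTERNAL AUTH, then compare it with the names in the client certificate from the TLS session) is shown here in Python as an added example; it is not part of the original post and is not an iRule. Assumptions: the certificate has already been validated and its names extracted into a list, the function names and sample stanza are constructed for illustration, and rejecting an empty identity and accepting a single-label wildcard are choices of this example.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

SASL_NS = "urn:ietf:params:xml:ns:xmpp-sasl"
# Constructed sample: AUTH carrying base64("conference.example.org")
SAMPLE_AUTH = ("<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' "
               "mechanism='EXTERNAL'>Y29uZmVyZW5jZS5leGFtcGxlLm9yZw==</auth>")

def decode_authzid(auth_xml):
    """Return the lower-cased domain from an EXTERNAL <auth/>, or None."""
    # XMPP streams may not contain DTDs, comments or processing instructions.
    if "<!" in auth_xml or "<?" in auth_xml:
        return None
    try:
        el = ET.fromstring(auth_xml)
    except ET.ParseError:
        return None
    if el.tag != "{%s}auth" % SASL_NS or el.get("mechanism") != "EXTERNAL":
        return None
    data = (el.text or "").strip()
    if data in ("", "="):  # "=" encodes an empty identity; fail closed here
        return None
    try:
        raw = base64.b64decode(data, validate=True)
        domain = raw.decode("utf-8").rstrip(".").lower()
    except (binascii.Error, UnicodeDecodeError):
        return None
    return domain or None

def name_matches(domain, cert_name):
    """Case-insensitive match; '*.' covers exactly one leftmost label."""
    cert_name = cert_name.rstrip(".").lower()
    if cert_name.startswith("*."):
        head, _, rest = domain.partition(".")
        return bool(head) and rest == cert_name[2:]
    return domain == cert_name

def sasl_result(auth_xml, cert_names):
    """'success' only if the claimed domain appears in the session's cert."""
    domain = decode_authzid(auth_xml)
    ok = domain is not None and any(name_matches(domain, n) for n in cert_names)
    return "success" if ok else "failure"

if __name__ == "__main__":
    print(sasl_result(SAMPLE_AUTH, ["conference.example.org"]))
    print(sasl_result(SAMPLE_AUTH, ["uc.example.net"]))
```

The comparison must use the certificate bound to the same TLS session that carried the AUTH, which is the point the post makes about checking "for that session only".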