Forum Discussion
jondyke_46152
Jan 21, 2011 (Nimbostratus)
OCSP validation and thumbprint passing in header
I currently have a website set up that uses two mechanisms for logon. The first mechanism is just a user name and password that is validated against a database; the second mechanism is that the client can associate a client certificate (issued by an external party - Unipass) to their account so they do not have to enter their details each time. Currently we use a passthrough iRule on this website, however I was wondering if it was possible to do the following:-
Get the F5 to offload and handle OCSP validation of the client certificate.
If the certificate is valid, put the thumbprint of the cert into the header that is sent on to the web server (the web server code then processes the thumbprint and checks against the account database).
If it is not valid, the F5 then redirects to an error page on a web server.
I am pretty sure that this must be achievable with iRules, although the ones I have written are, to be fair, fairly basic, so any pointers on whether this is possible and how to go about this would be greatly appreciated.
Many Thanks,
Jon
- hooleylist (Cirrostratus)
Hi Jon,
- 2kl00mca52_2370 (Nimbostratus)
Hi Jon,
Do you have any more details for Unipass certificate validation on the F5 side? Should this validation happen in some rule?
~R