Forum Discussion
Pass client cert based on POST data
- Aug 04, 2020
Just to update anyone else who is looking to do the same thing. I inserted an HTTP::collect at line 111 after the SSL::renegotiate and this appears to force the iRule to hold the HTTP data instead of invoking the implicit release at the end of HTTP_REQUEST_DATA. So now it hits the CLIENTSSL_CLIENTCERT event and the HTTP::release is called there. Since I'm setting SSL::cert mode require this should always result in either the handshake failing or the HTTP::release being called from CLIENTSSL_CERT.
That's what I've been doing but apparently that's less than desirable behavior from a client/product perspective. We have scenarios where a user may have a valid certificate installed but isn't required to use it for this particular application. If I set it to request they'll get prompted to select a cert regardless of which app they're trying to use. So, while technically ok as in it works, the end user experience isn't desirable.
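The flow described in the update above, written out as an added example that is not part of the original posts and is not the poster's iRule. The POST marker `auth=cert` and the 1 MiB collection cap are assumptions chosen for illustration; the iRule commands and events are the ones named in the thread plus the standard client-authentication settings.

```tcl
when HTTP_REQUEST {
    # Buffer the POST body so the decision can be made on its content.
    # Cap the amount collected (1 MiB here, an assumed limit) so a large
    # upload cannot tie up memory before any client is authenticated.
    if { [HTTP::method] eq "POST" } {
        set len [HTTP::header value Content-Length]
        if { $len ne "" && $len > 0 && $len <= 1048576 } {
            HTTP::collect $len
        }
    }
}

when HTTP_REQUEST_DATA {
    # "auth=cert" is a hypothetical form field marking requests that
    # must be backed by a client certificate.
    if { [HTTP::payload] contains "auth=cert" && [SSL::cert count] == 0 } {
        SSL::session invalidate
        SSL::authenticate always
        SSL::authenticate depth 9
        # require: the handshake fails unless the client sends a certificate
        SSL::cert mode require
        set held 1
        SSL::renegotiate
        # Second collect, as in the post: keeps the request held instead of
        # letting it be released implicitly when this event ends.
        HTTP::collect
    }
    # Requests without the marker, or with a certificate already on the
    # connection, fall through and are released implicitly.
}

when CLIENTSSL_CLIENTCERT {
    # Reached only after the client has answered the certificate request.
    # Release only a request this rule is actually holding.
    if { [info exists held] } {
        unset held
        HTTP::release
    }
}
```

Because the certificate is demanded only for requests carrying the marker, clients of other applications on the same virtual server are not prompted, which is the behaviour the second post asks for.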