Pulling Email Address from CAC as opposed to UPN

Hi,

I'm trying to work on a fallback solution to where instead of a UPN being presented by a user certificate for on-demand cert auth, we can pull the email address similar to this article: https://devcentral.f5.com/s/articles/How-to-Extract-the-UPN-from-a-Digital-Certificate-on-a-CAC-card-using-F5-APM

When I view the x509extensions, I can see the field "email:" and then the email address but unfortunately, I don't think I'm getting it. I'm using the logic from the link above to try and pull that value into a variable assign within APM. Has anyone had any success with it? The x509extension field shows as "email:firstname.lastname@domain". Just curious if anyone has configured this.

Thanks in advance!