Forum Discussion
Muhammad_Irfan1
Cirrus
Dec 09, 2014
Require User ID of client connected in logs.
I have SSL client authentication required and it's working fine.
How can I get the User ID of the client certificate in the logs?
shaggy_121467
Cumulonimbus
Dec 09, 2014
check out - https://devcentral.f5.com/wiki/iRules.CLIENTSSL_CLIENTCERT.ashx
the second example in that wiki page (included below) should be a good starting point. i would log that value remotely using HSL instead of logging locally
when CLIENTSSL_CLIENTCERT {
    # Debug flag
    set debug 1
    # Check if client presented a cert after it was requested/required
    if {[SSL::cert count] > 0}{
        # Client presented at least one cert. The actual client cert should always be first.
        if {$debug > 1}{
            # Loop through each cert and log the cert subject, issuer and serial number
            for {set i 0} {$i < [SSL::cert count]} {incr i}{
                log local0. "[IP::client_addr]:[TCP::client_port]: cert $i; subject=[X509::subject [SSL::cert $i]];\
                    [X509::issuer [SSL::cert $i]]; cert_serial=[X509::serial_number [SSL::cert $i]];"
            }
        }
    } else {
        if {$debug > 1}{log local0. "[IP::client_addr]:[TCP::client_port]: No client cert found!"}
    }
}
- Muhammad_Irfan1, Dec 09, 2014
Cirrus
Thank you sir for the reply. I will try this tomorrow and will let you know.
- Muhammad_Irfan1, Dec 09, 2014
Cirrus
Sir, this iRule is not logging anything, although client authentication is required and I am presenting a client authentication certificate. I received no log at all, although the iRule gave no syntax error.
- shaggy_121467, Dec 09, 2014
Cumulonimbus
like i said, use this for reference. i pulled the rule from examples on the CLIENTSSL_CLIENTCERT wiki page. i did not test, but it looks as if it should log if the client presents a certificate to the virtual server
- Muhammad_Irfan1, Dec 11, 2014
Cirrus
The iRule seems totally right but it's not logging anything even though the client is presenting a certificate.
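An added example, not part of the original thread and not F5's own code, that follows the answer's suggestion to send the certificate identity to a remote logger over HSL. In the rule posted above, debug is set to 1 while every log statement is guarded by $debug > 1, so none of them can run; this version enables logging when the flag is 1 or higher. Assumptions: the pool name hsl_syslog_pool is hypothetical, the "User ID" is taken to be the CN of the certificate subject, and the subject string uses comma- or slash-separated attributes.

```tcl
when RULE_INIT {
    # Assumption: 0 = silent, 1 or higher = log. The guard below uses >= 1,
    # so setting the flag to 1 actually turns logging on.
    set static::cert_log_level 1
}

when CLIENT_ACCEPTED {
    # Open the HSL handle once per connection, before the TLS handshake.
    # "hsl_syslog_pool" is a hypothetical pool of remote syslog receivers.
    set hsl [HSL::open -proto UDP -pool hsl_syslog_pool]
}

when CLIENTSSL_CLIENTCERT {
    if {$static::cert_log_level >= 1} {
        set peer "[IP::client_addr]:[TCP::client_port]"

        if {[SSL::cert count] > 0} {
            # The client's own certificate is first in the presented chain.
            set cert [SSL::cert 0]
            set subject [X509::subject $cert]

            # Certificate fields are supplied by the client. Replace control
            # characters and double quotes so a crafted subject cannot break
            # the log line or forge extra fields.
            regsub -all {[[:cntrl:]"]} $subject "_" subject

            # Take the CN as the user ID; keep "unknown" when no CN is present
            # (regexp leaves the variable untouched when nothing matches).
            set user_id "unknown"
            regexp -nocase {CN=([^,/]+)} $subject -> user_id

            # <134> is the syslog priority for facility local0, severity info.
            HSL::send $hsl "<134>$peer: client_cert user_id=\"$user_id\" subject=\"$subject\" serial=[X509::serial_number $cert]\n"
        } else {
            HSL::send $hsl "<134>$peer: no client cert presented\n"
        }
    }
}
```

If the identity lives in another subject attribute (for example UID or emailAddress), change the attribute name in the regexp accordingly.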