Forum Discussion

Cirrocumulus

Jun 11, 2024

Retrieve UPN from client certificate SAN RFC 822 Name:

Dear all, I would like to retrieve the UPN from the SAN of the client certificate which has the field RFC 822 Name:user@domain.com. The APM collect the information inside the session.ssl.cert.x5...

application delivery

Lucas_Thompson

Employee

Can you share your example certificate's exact "session.ssl.cert.x509extension" value formatted this way? It shouldn't be too tough to adapt that VPE rule to handle either othername:upn or rfc822 style format.

Marvin

Cirrocumulus

Jun 13, 2024

Hi Lucas, thanks for responding the variable contains the following (i masked sensitive data to test domains only) X509v3 extensions: X509v3 Subject Key Identifier: 76:09:B8:BA:1A:E9:09:86:78:22:9C:53:1B:D4:AF:E9:81:55:57:01 X509v3 Authority Key Identifier: keyid:DD:0C:FD:A1:21:AF:E3:AC:F3:6E:93:04:AB:D5:07:8B:B9:24:08:08 X509v3 Certificate Policies: Policy: 1.3.6.1.4.1.27171.175.10.1.30 CPS: http://info.pki.test.eu/cps Policy: 0.4.0.2042.1.2 X509v3 Extended Key Usage: TLS Web Client Authentication, E-mail Protection, Microsoft Smartcardlogin X509v3 Key Usage: critical Digital Signature, Non Repudiation X509v3 Subject Alternative Name: email:john.bar@ext.Test.eu X509v3 CRL Distribution Points: Full Name: URI:http://info.pki.test.eu/crl/Test-EU-Users-CA.crl Full Name: URI:ldap://ldap.test.com.eu/CN=Test%20EU%20Users%20CA,O=Test,C=BE?certificateRevocationList?base?objectClass=pkiCA Authority Information Access: CA Issuers - URI:http://info.pki.test.com/cacerts/Test-EU-Users-CA.p7b CA Issuers - URI:ldap://test.domain.comCN=CU%20Users%20CA,O=Tlium,C=BE?cACertificate?base?objectClass=pkiCA OCSP - URI:http://otest.pki.test.com

Marvin
Cirrocumulus
Jun 13, 2024
so we should find Subject Alternative Name: email:john.bar@ext.Test.eu with mcget command inside the VPE policy, I woild rather prefer this instead of using Irules
- Lucas_Thompson
  Employee
  Jun 26, 2024
  When you review the session variables for this session, what exactly do the variables look like? I'd assume looking at the output that APM would already parse these values into session variables. To check that, log in with your user and look at their "Variables" using this part of the GUI:
  - Marvin
    Cirrocumulus
    Jun 27, 2024
    The session variable value i already pasted above so we just need to "grep" this, the email address is stored inside this variable. We tried several mcget commands to get this but it was empty all the time. The name of the variable is session.ssl.cert.x509extension

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Retrieve UPN from client certificate SAN RFC 822 Name:

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

Re: Management Certificate

ASM vs to APM vs and client certificates

Client ssl certification bulk installation

Certifications for security professionals

Certificate Expiry Email alert configuration

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS