Forum Discussion
Retrieve UPN from client certificate SAN RFC 822 Name:
Hi Lucas, thanks for responding the variable contains the following (i masked sensitive data to test domains only) X509v3 extensions: X509v3 Subject Key Identifier: 76:09:B8:BA:1A:E9:09:86:78:22:9C:53:1B:D4:AF:E9:81:55:57:01 X509v3 Authority Key Identifier: keyid:DD:0C:FD:A1:21:AF:E3:AC:F3:6E:93:04:AB:D5:07:8B:B9:24:08:08 X509v3 Certificate Policies: Policy: 1.3.6.1.4.1.27171.175.10.1.30 CPS: http://info.pki.test.eu/cps Policy: 0.4.0.2042.1.2 X509v3 Extended Key Usage: TLS Web Client Authentication, E-mail Protection, Microsoft Smartcardlogin X509v3 Key Usage: critical Digital Signature, Non Repudiation X509v3 Subject Alternative Name: email:john.bar@ext.Test.eu X509v3 CRL Distribution Points: Full Name: URI:http://info.pki.test.eu/crl/Test-EU-Users-CA.crl Full Name: URI:ldap://ldap.test.com.eu/CN=Test%20EU%20Users%20CA,O=Test,C=BE?certificateRevocationList?base?objectClass=pkiCA Authority Information Access: CA Issuers - URI:http://info.pki.test.com/cacerts/Test-EU-Users-CA.p7b CA Issuers - URI:ldap://test.domain.comCN=CU%20Users%20CA,O=Tlium,C=BE?cACertificate?base?objectClass=pkiCA OCSP - URI:http://otest.pki.test.com
so we should find Subject Alternative Name: email:john.bar@ext.Test.eu with mcget command inside the VPE policy, I woild rather prefer this instead of using Irules
- Lucas_ThompsonJun 26, 2024Employee
When you review the session variables for this session, what exactly do the variables look like? I'd assume looking at the output that APM would already parse these values into session variables. To check that, log in with your user and look at their "Variables" using this part of the GUI:
- MarvinJun 27, 2024Cirrocumulus
The session variable value i already pasted above so we just need to "grep" this, the email address is stored inside this variable. We tried several mcget commands to get this but it was empty all the time. The name of the variable is session.ssl.cert.x509extension
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com