Forum Discussion

Cirrus

Dec 10, 2013

SSL Caller Authentication and Access Control

We have a web service that wishes to use client certificates for caller authentication and access control. The client certificate is sent as part of the SSL handshake (when the server is configured ...

BIG-IP Access Policy Manager (APM)

design

security

IheartF5_45022

Nacreous

Dec 10, 2013

Yes it is possible. Apply a clientssl profile with Client Certificate set to "require", and Trusted Cert Authority set to your CA, the apply this iRule;-

when CLIENTSSL_HANDSHAKE {
     Check if the client supplied one or more client certs
    if {[SSL::cert count] > 0}{

     Check the first client cert subject
    set subject [X509::subject [SSL::cert 0]]
}
when HTTP_REQUEST {
     Remove the customer header if already present
    HTTP::header remove "X-subject"
    HTTP::header insert "X-subject" $subject
 }

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)