Forum Discussion
using step up auth to client cert want to insert cert into header
Yes, well. its step up auth. so its not done on the access policy. but on a pre request policy. and also has to be done as a subroutine, so my reading tells me that per request subroutines don't have access to the session variables as writeable. only readable.
quick check via the gui interface and it show that the cert info is in the per request sub session variables. how can I insert headers from a subroutine in a pre request policy .. i thinking the only way is to use a irule event ...
but this seems rather hard.
Note - i am note sure when access_acl_allowed is fired, but I have checked the session variables - no sign of the cert in the main session variables :(
Can you see if HTTP_REQUEST is able to catch and parse cert details? This iRule is just to log the details first.
when HTTP_REQUEST {
if {[SSL::cert count] > 0}{
set certsubjectdn [X509::subject [SSL::cert 0]]
set certissuerdn [X509::issuer [SSL::cert 0]]
log local0.info "certsubjectdn: $certsubjectdn"
log local0.info "certissuerdn: $certissuerdn"
} else {
return
}
}
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com