For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

APM Clientless certificate authentication

Problem this snippet solves: This code allow to configure certificate authentication with APM clientless-mode support. The APM behavior when configuring following condition is to disable clientles...
Published Nov 23, 2017
Version 1.0
application delivery
BIG-IP Access Policy Manager (APM)
certificate authentication
iRules
security
C_Ang's avatar
C_Ang
Icon for Nimbostratus rankNimbostratus
Apr 30, 2018

Hi Stanislas,

 

I have a situation that might be able to use this, but we do have an On-Demand Certificate Authentication in our APM policy. We now have a requirement to connect to this VIP on a specific URL for a SOAP-based web service. Unfortunately, the POST method with the SOAP payload is encountering the 302 redirects to /my.policy. By the time it gets to back to the original SOAP endpoint, the request has become a GET and the payload is no longer being transmitted.

 

Also, we are trying to do this with mutual TLS, but because of the On-Demand Certificate Authentication, the client certificate is not requested until at least the 3rd redirect (the one with my.policy?nonce=?????). Is there no way around this?

 

Thanks in advance for any direction you might be able to point me towards,

 

Charlie