For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

APM Clientless certificate authentication

Problem this snippet solves: This code allow to configure certificate authentication with APM clientless-mode support. The APM behavior when configuring following condition is to disable clientles...

Published Nov 23, 2017

Version 1.0

application delivery

BIG-IP Access Policy Manager (APM)

certificate authentication

iRules

security

Stanislas_Piro2

Cumulonimbus

Joined January 04, 2011

View Profile

Stanislas_Piro2

Cumulonimbus

Joined January 04, 2011

View Profile

C_Ang

Nimbostratus

Apr 30, 2018

Hi Stanislas,

I have a situation that might be able to use this, but we do have an On-Demand Certificate Authentication in our APM policy. We now have a requirement to connect to this VIP on a specific URL for a SOAP-based web service. Unfortunately, the POST method with the SOAP payload is encountering the 302 redirects to /my.policy. By the time it gets to back to the original SOAP endpoint, the request has become a GET and the payload is no longer being transmitted.

Also, we are trying to do this with mutual TLS, but because of the On-Demand Certificate Authentication, the client certificate is not requested until at least the 3rd redirect (the one with my.policy?nonce=?????). Is there no way around this?

Thanks in advance for any direction you might be able to point me towards,

Charlie

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

APM Clientless certificate authentication

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS