APM On-Demand cert auth failing for curl command line client

MVP

Apr 10, 2023

Also you may try API protection profile as I think you are getting redirection based on APM login page or something like that. You can't use client cert but oauth access token is something similar as this is only what you have:

https://clouddocs.f5.com/training/community/access-solutions/solution13/guide/guide.html

https://www.youtube.com/watch?v=-2ndGH9Dp1Q

The oauth server can still accept the client ssl cert before giving the token:

https://techdocs.f5.com/en-us/bigip-14-1-0/big-ip-access-policy-manager-oauth-configuration-14-1-0/using-apm-as-an-oauth-2-server.html

Also try a per-request policy https://techdocs.f5.com/en-us/bigip-15-1-0/big-ip-access-policy-manager-authentication-methods/on-demand-certificate-authentication.html

-----------------

When configuring On-Demand certification authentication in a

per-request policy

, avoid having any other agent before the On-Demand Cert Auth agent if the client SSL profile on the virtual server has the

Client Certificate

field set to

ignore

. This configuration makes the per-request policy re-execute the subroutine when it reaches the On-Demand Cert Auth agent. This can cause the per-request policy to go to the unexpected branch on each agent located before On-Demand Cert Auth agent.

Forum Discussion

APM On-Demand cert auth failing for curl command line client

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

APM Cookbook: On-Demand VPN for iOS Devices

On Demand VPN sur iOS

F5 Friday: Domain Sharding On-Demand

F5 on demand Video – Synthesis

Re activate license failed