Forum Discussion
Daniel_Wolf
Dec 06, 2021MVP
Hi ,
I think the german Antragsteller is the Subject of the certificate. You can use an iRule to extract the string after E =. Take a look the the X509::subject command, see here: https://clouddocs.f5.com/api/irules/X509__subject.html.
Without the ability to test it, I think this should work:
when ACCESS_SESSION_STARTED {
set mailAddress [lindex [split [X509::subject [SSL::cert 0]] "E="] end]
if { $mailAddress != "" }{
log local0. "Client Certificate received: $mailAddress"
}
ACCESS::session data set session.logon.temp.mailAddress $mailAddress
}
This way you can access the custom session variable session.logon.temp.mailAddress during policy evaluation. Let me know if this helps.
KR
Daniel