Forum Discussion

Nimbostratus

Dec 06, 2021

Extracting Email value from user certificate during Access Policy Evaluation

Hi! Maybe someone can help me with this - we changed our UPN to the e-mail address for all our users lately. In APM Policy I read the UPN from a users certificate like described in this article...

APM

application delivery

Daniel_Wolf

MVP

Dec 06, 2021

Hi ,

I think the german Antragsteller is the Subject of the certificate. You can use an iRule to extract the string after E =. Take a look the the X509::subject command, see here: https://clouddocs.f5.com/api/irules/X509__subject.html.

Without the ability to test it, I think this should work:

when ACCESS_SESSION_STARTED {
    set mailAddress [lindex [split [X509::subject [SSL::cert 0]] "E="] end]
    if { $mailAddress != "" }{
        log local0. "Client Certificate received: $mailAddress"
    }
    ACCESS::session data set session.logon.temp.mailAddress $mailAddress
}

This way you can access the custom session variable session.logon.temp.mailAddress during policy evaluation. Let me know if this helps.

Daniel

Forum Discussion

Extracting Email value from user certificate during Access Policy Evaluation

Recent Discussions

google autenticator broken barcode

Error while running ansible

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Related Content

How to Extract the UPN from a Digital Certificate on a CAC card using F5 APM

Re: Management Certificate

Automating ACMEv2 Certificate Management on BIG-IP

Parsing F5 BIG-IP LTM DNS profile statistics and extracting values with Python

Extracting the SNI server name