Forum Discussion
amolari
Dec 18, 2014, Cirrus
F5 will be able to check the user certificate, but in no way whether it's on a token or not (this "info" is not available at all in the communication). Here it's a PKI policy that helps. You should have either:
1) certificates on token are issued by a specific CA (higher assurance): the APM will check only client certs issued by that CA
2) certificates on token have specific properties: the APM can check these properties (that will require an iRule)
Hopefully you have already deployed your certificates in a way that you can apply either 1) or 2).
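
One way the second option could look, as an added example that is not part of the original post: an iRule called from an APM iRule Event agent that flags the session when the client certificate carries a given certificate-policy OID. The agent ID `check_token_cert`, the OID value, the variable `session.custom.cert_on_token`, and the choice of a policy OID as the distinguishing property are all assumptions.

```tcl
# Added example (not from the original post). Values marked "assumption" are placeholders.
when RULE_INIT {
    # Assumption: policy OID that the PKI puts only into certificates issued on tokens.
    set static::token_policy_oid "1.3.6.1.4.1.99999.1.1"
}

when ACCESS_POLICY_AGENT_EVENT {
    # Assumption: the access policy has an iRule Event agent with this ID,
    # placed after the client certificate check.
    if { [ACCESS::policy agent_id] ne "check_token_cert" } { return }

    # Fail closed: the flag stays 0 unless the OID is found.
    ACCESS::session data set "session.custom.cert_on_token" 0

    # Extensions of the client certificate as text.
    # Assumption: policies appear as "Policy: <oid>" lines, as in OpenSSL text output.
    set exts [ACCESS::session data get "session.ssl.cert.x509extension"]

    # Collect every policy OID and compare exactly, so that a longer OID
    # sharing the same prefix does not count as a match.
    set oids [list]
    foreach {match oid} [regexp -all -inline {Policy: ([0-9.]+)} $exts] {
        lappend oids $oid
    }

    if { [lsearch -exact $oids $static::token_policy_oid] >= 0 } {
        ACCESS::session data set "session.custom.cert_on_token" 1
    } else {
        set issuer [ACCESS::session data get "session.ssl.cert.issuer"]
        log local0.notice "Client cert without token policy OID, issuer: $issuer"
    }
}
```

A later branch in the access policy can then test `session.custom.cert_on_token` and deny sessions where it is not 1.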