Simon_Blakely
Sep 07, 2017, Employee
And as a further addendum, regexp does not return a string; it takes a variable name to set to the match:
when ACCESS_POLICY_AGENT_EVENT {
    switch [ACCESS::policy agent_id] {
        "CACPROCESSING" {
            # Prefer the UPN carried in the certificate's x509 extension when present
            if { [ACCESS::session data get session.ssl.cert.x509extension] contains "othername:UPN<" } {
                set tempupn [findstr [ACCESS::session data get session.ssl.cert.x509extension] "othername:UPN<" 14 ">"]
                ACCESS::session data set session.custom.certupn $tempupn
            } elseif { [regexp {([0-9]{16}|[0-9]{10})} [ACCESS::session data get session.ssl.cert.subject] temppiv] == 1 } {
                # regexp returns the match count and stores the matched text in temppiv
                set tempupn "$temppiv@company"
                ACCESS::session data set session.custom.certupn $tempupn
            }
        }
    }
}
Add some logging and do some testing. I hope this helps.
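As an added example (not part of the original post, and plain tclsh rather than iRule code), the following shows how regexp reports its result through the named variable, and how the unanchored pattern above compares with a bounded variant when the subject contains a longer digit run. The proc names, the bounded pattern and all subject strings are assumptions constructed for illustration.

```tcl
# Added example: runs in plain tclsh. All subject strings below are constructed.

# regexp returns the number of matches (0 or 1 without -all); the matched text
# is written into the variable(s) named after the input string.
proc piv_loose {subject} {
    # Same pattern as the post: the first variable receives the whole match.
    if {[regexp {([0-9]{16}|[0-9]{10})} $subject piv] == 1} {
        return $piv
    }
    return ""
}

# Hypothetical stricter variant: the digits must not be preceded or followed
# by another digit, so a 12-digit run is rejected instead of being cut down
# to its first 10 digits and mapped to a different identity.
proc piv_bounded {subject} {
    # "->" is a throwaway variable for the whole match; piv gets the group.
    if {[regexp {(?:^|[^0-9])([0-9]{16}|[0-9]{10})(?![0-9])} $subject -> piv]} {
        return $piv
    }
    return ""
}

foreach subject {
    "CN=DOE.JOHN.1234567890,OU=People,O=Example"
    "CN=DOE.JANE.1234567890123456,OU=People,O=Example"
    "CN=DOE.JIM.123456789012,OU=People,O=Example"
} {
    puts [format "%-52s loose=%-16s bounded=%s" \
        $subject [piv_loose $subject] [piv_bounded $subject]]
}
```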