Forum Discussion
jgabel_43098
Aug 23, 2007 Nimbostratus
Yes, that is sort of what we want to do.
The problem centers around the Search Type option. We tried "User", but that doesn't do exactly what the F5 description says. The description says that the F5 will look for the user in LDAP and if there is a client cert with that user then they are authenticated. We found that even without a cert attached to the user, the F5 considers them authenticated. So basically it doesn't work the way they say it does. All it cares about is that there is a valid username in the directory that matches what is on the incoming cert, and then you're good to go. That is not adequate in our opinion.
So next we wanted to try the "Certificate Map" type. Unfortunately we have no idea what the "Certificate Map Key" field is supposed to contain, and scouring Google, Novell and F5 sites we haven't been able to find any information on how to make it work using the "Certificate Map" type.
The third option is "Certificate", but that too is confusing, as we don't necessarily know what goes in some of the extra fields it presents and we can't find anything online to guide us in that area either.
So we're trying to find information online or, through forums, find people who have successfully done this sort of thing.
I'll read through the docs you provided though and see if I can glean anything new. Thanks.