Forum Discussion
MichaelatF5
Dec 04, 2015 (Employee)
You can use FindStr in order to pull out the specific value that you want to compare to whichever AD/LDAP attribute works best for your environment, predominantly userPrincipalName or sAMAccountName.
https://devcentral.f5.com/wiki/iRules.findstr.ashx
For example:
if { [ACCESS::session data get session.ssl.cert.x509extension] contains "CN:" } {
    # findstr <string> <search_string> [<skip_count> [<terminator>]]
    # The skip count (a placeholder in the original post) is the number of
    # characters to step past from the match; 3 skips the "CN:" marker itself.
    # The terminator is left empty, as in the original, so the rest of the
    # extension text is returned.
    set tmpcn [findstr [ACCESS::session data get session.ssl.cert.x509extension] "CN:" 3 ""]
    # Store the value in a custom session variable for the LDAP/AD query
    # (the original set tmpupn but then read tmpcn; one name is used here).
    ACCESS::session data set session.custom.certcn $tmpcn
    log local0. "Extracted OtherName Field: $tmpcn"
}
You would then use the %{session.custom.certcn} in an LDAP/AD query to validate the user.
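To see exactly what the skip count and terminator arguments of findstr produce before wiring the value into an LDAP query, here is a small Python emulation of the iRule's extraction step. This is an added example, not F5 code or part of the post; the findstr emulation, the "," terminator and the extension text are assumptions, and the sample text is constructed rather than a real OpenSSL extension dump.

```python
from typing import Optional

# Python emulation of the iRules findstr command used in the post, so the effect
# of the skip count and terminator can be checked offline. Added example; the
# behaviour for an empty terminator (return the rest of the string) is assumed.

def findstr(text: str, search: str, skip: int = 0, terminator: str = "") -> str:
    """Locate `search` in `text`, step `skip` characters past that position,
    and return up to (not including) `terminator`. Returns "" when `search`
    is absent, and the remainder of the string when the terminator is empty
    or never occurs."""
    start = text.find(search)
    if start == -1:
        return ""
    start += skip
    if terminator:
        end = text.find(terminator, start)
        if end != -1:
            return text[start:end]
    return text[start:]


def extract_cert_cn(x509extension: str) -> Optional[str]:
    """Mirror the iRule: only extract when the "CN:" marker is present, skip
    the 3-character marker, and stop at the next "," (assumed field
    separator). Returns None when nothing usable was found, so the caller
    never feeds an empty value into the LDAP/AD lookup."""
    if "CN:" not in x509extension:
        return None
    value = findstr(x509extension, "CN:", len("CN:"), ",")
    return value.strip() or None


# Constructed stand-ins for session.ssl.cert.x509extension (not real dumps).
SAMPLE_EXT = "X509v3 Subject Alternative Name: CN:jdoe@example.com, DNS:ws1.example.com"
SAMPLE_NO_CN = "X509v3 Subject Alternative Name: DNS:ws1.example.com"

if __name__ == "__main__":
    print(extract_cert_cn(SAMPLE_EXT))    # jdoe@example.com
    print(extract_cert_cn(SAMPLE_NO_CN))  # None
```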