client authentication/user authentication certificates

Question

Hello team,&nbsp;
We have 6 external users/vendors using single vip to access the application like below and we are using client ssl authentication, Can we do any user based validation and allow the connection. as per the below configuration if they interchange the certificate or share the certificate they can use the application. &nbsp;
user1 &gt; https://secure1.mydomain.com 
user2 &gt; https://secure1.mydomain.com&nbsp;
user3 &gt; https://secure1.mydomain.com&nbsp;
user4 &gt; https://secure1.mydomain.com   &nbsp;
Please suggest me how to proceed.&nbsp;

mikegray_198028 · Answer

Any idea guys?

josiah_39459 · Answer

Yes, you can. All the information from the client cert authentication is stored in session variables (you can verify this in the reports in the GUI or the 'sessiondump' command via the CLI). Then you can use those session variables in the Advanced Resource Assign to assign different ACLs to different users.

mikegray_198028 · Answer

We have only LTM module at present

josiah_39459 · Answer

Then you'll want to use an irule.  Take a look at the examples in CLIENTSSL_CLIENTCERT: https://clouddocs.f5.com/api/irules/CLIENTSSL_CLIENTCERT.html  However, if you really need to block urls for security reasons you will want to consider more than just an irule, some real security solution.

Forum Discussion

client authentication/user authentication certificates

4 Replies

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

RADIUS server authenticating user with Google Authenticator

RADIUS server using APM to authenticate users

Remote User Authentication (e.g. F5 admins) using Azure Active Directory

Creating local users when using Remote Authentication and unavailable login

AD Authentication using multiple user attributes