Squeak_117117
Jun 16, 2017

Insert client certificate into APM session variable via iRule

Hello!

First-time poster, longtime reader.

I'm trying to extract the Subject value from a client certificate and insert the value into an APM session variable, but with no luck. The iRule in question looks like this:

when CLIENTSSL_CLIENTCERT {
  log local0. "Subject: [X509::subject [SSL::cert 0]]"
  if { [SSL::cert count] > 0 } {
    set client_cert [SSL::cert 0]
    set subject [findstr [X509::subject [SSL::cert 0]] "CN=" 3 ","]
    ACCESS::session data set session.client.unique_id $subject
    log local0. "Current ID = $subject"
  }
}
when ACCESS_POLICY_COMPLETED {
   set subject [ACCESS::session data get session.client.unique_id]
}

I'm able to see the "subject" variable in /var/log

When I'm executing the Access Policy, the session.client.unique_id variable is not populated with the "subject" variable from the iRule.

My VPE looks like this,

Thanks in advance!

//Mikael,

1 Reply

  • Hello Squeak,

    Have you added the event "Access_Policy_Agent_Event" to set your variable?

    when ACCESS_POLICY_AGENT_EVENT {
    
    if { [ACCESS::policy agent_id] eq "id_of_your_irule_event" } {
     ACCESS::session data set session.client.unique_id $subject
     log local0. "Verifying the value of unique_id ===> [ACCESS::session data get session.client.unique_id]"
    } 
    
    }
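
The reply's approach written out in full, as an added example that is not code from either poster: the CN is captured in CLIENTSSL_CLIENTCERT and written to the session only when the VPE's iRule Event agent fires. The agent ID `set_cert_subject` and the CN format check are assumptions, and it assumes the policy is evaluated on the same connection that presented the certificate.

```tcl
when CLIENTSSL_CLIENTCERT {
    # Connection-scoped variable; reset it so a value from an earlier
    # handshake on this connection is never reused.
    set subject ""
    if { [SSL::cert count] > 0 } {
        # Text after "CN=" up to the next comma, or to the end of the
        # subject string when CN is the last component.
        set cn [findstr [X509::subject [SSL::cert 0]] "CN=" 3 ","]
        # Assumed policy: CNs are short, simple identifiers. Anything else
        # is dropped so it never reaches the session variable.
        if { [regexp {^[A-Za-z0-9 ._@-]{1,64}$} $cn] } {
            set subject $cn
        } else {
            log local0. "Client certificate CN failed the format check"
        }
    }
}

when ACCESS_POLICY_AGENT_EVENT {
    # "set_cert_subject" is a placeholder: use the ID configured on the
    # iRule Event agent in the VPE.
    if { [ACCESS::policy agent_id] eq "set_cert_subject" } {
        if { [info exists subject] && $subject ne "" } {
            ACCESS::session data set session.client.unique_id $subject
            log local0. "unique_id = [ACCESS::session data get session.client.unique_id]"
        } else {
            # No certificate or rejected CN: leave the variable unset so a
            # later VPE branch can treat the session as unidentified.
            log local0. "No usable client certificate subject for this session"
        }
    }
}
```

A branch in the VPE that checks whether session.client.unique_id is empty lets the policy deny sessions that arrived without an acceptable certificate subject.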