APM - CAC Authentication: Present specific Certificate to User
We recently upgraded from 11.2 to 11.5 HF7: CAC authentication is functional via APM. Users are currently being presented 3 certificates and I'd like the users to be presented with 1 certificate.
What I'd like to do: *I'm not too savvy with VPE and APM in how our old iRules translate to APM. :)
Currently my access policy reads:
session.logon.last.upn =
    set e_fields [split [mcget {session.ssl.cert.x509extension}] "\n"];
    foreach qq $e_fields {
        if {[string first "othername:UPN" $qq] >= 0} {
            return [string range $qq [expr { [string first "<" $qq] + 1 } ] [expr { [string first ">" $qq] - 1 } ] ];
        }
    }
    return "";
--- I'd like to have *Cert 0, which is the "Email" cert, presented.
- From what I have researched and theorized, I need to change the "othername:UPN" or add a branch Rule?
Our old iRule / Pertinent information that allowed this to work:
    set this_cert [SSL::cert 0]
    set clientip [IP::client_addr]
*Of the above, how do I do the equivalent in APM?