Forum Discussion
eric_haupt1
Mar 27, 2019
Nimbostratus
Here is my current version - Pulls digits from subject and builds UPN, grabs UPN from x509, or pulls email from x509. Been using this a long time.
```tcl
when ACCESS_POLICY_AGENT_EVENT {
    switch [ACCESS::policy agent_id] {
        "CACPROCESSING" {
            # Branch 1: 16- or 10-digit ID in the subject and issuer contains COMPANY -> build the UPN
            if { ([regexp {([0-9]{16}|[0-9]{10})} [ACCESS::session data get session.ssl.cert.subject] var_temp_piv] == 1) and ([ACCESS::session data get session.ssl.cert.issuer] contains "COMPANY") } {
                set var_temp_upn "$var_temp_piv@COMPANY"
                set var_session_start [clock format [clock seconds] -format {%d %b %Y %T %Z}]
                ACCESS::session data set session.custom.cert.upn $var_temp_upn
                ACCESS::session data set session.custom.start.time $var_session_start
            } elseif { [ACCESS::session data get session.ssl.cert.x509extension] contains "othername:UPN<" } {
                # Branch 2: take the UPN between "othername:UPN<" (14 characters) and ">"
                set var_temp_upn [findstr [ACCESS::session data get session.ssl.cert.x509extension] "othername:UPN<" 14 ">"]
                set var_session_start [clock format [clock seconds] -format {%d %b %Y %T %Z}]
                ACCESS::session data set session.custom.cert.upn $var_temp_upn
                ACCESS::session data set session.custom.start.time $var_session_start
            } elseif { [ACCESS::session data get session.ssl.cert.x509extension] contains "email:" } {
                # Branch 3: strip spaces and line breaks, then take the text between "email:" and the next "X509"
                # (no parentheses around the command substitution; they would become part of the value)
                set var_temp_x509extension [string map -nocase {" " "" \n "" \r ""} [ACCESS::session data get session.ssl.cert.x509extension]]
                set var_temp_email [findstr $var_temp_x509extension "email:" 6 "X509"]
                set var_session_start [clock format [clock seconds] -format {%d %b %Y %T %Z}]
                ACCESS::session data set session.custom.cert.email $var_temp_email
                ACCESS::session data set session.custom.start.time $var_session_start
            }
        }
    }
}
```
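To see what each branch yields before attaching the iRule to a policy, the same matching logic can be run offline in plain tclsh. This is an added example, not part of the original post: the `findstr` proc is a stand-in that emulates the iRules command, `cert_identity` is a hypothetical helper, and the certificate strings are constructed samples.

```tcl
# Stand-in for the iRules findstr command (string, search, skip count, terminator).
proc findstr {str search {skip 0} {term ""}} {
    set i [string first $search $str]
    if {$i < 0} { return "" }
    set rest [string range $str [expr {$i + $skip}] end]
    if {$term ne ""} {
        set j [string first $term $rest]
        if {$j >= 0} { set rest [string range $rest 0 [expr {$j - 1}]] }
    }
    return $rest
}

# Hypothetical helper mirroring the three branches of the iRule.
# Returns {attribute value}, or an empty list when no branch matches.
# "COMPANY" is the placeholder used in the post.
proc cert_identity {subject issuer ext} {
    if {[regexp {([0-9]{16}|[0-9]{10})} $subject piv] && [string first "COMPANY" $issuer] >= 0} {
        return [list upn "$piv@COMPANY"]
    } elseif {[string first "othername:UPN<" $ext] >= 0} {
        return [list upn [findstr $ext "othername:UPN<" 14 ">"]]
    } elseif {[string first "email:" $ext] >= 0} {
        set flat [string map {" " "" \n "" \r ""} $ext]
        return [list email [findstr $flat "email:" 6 "X509"]]
    }
    return {}
}

# Constructed sample values (not taken from real certificates).
set san_upn   "X509v3 Subject Alternative Name:\n othername:UPN<jdoe@example.test>"
set san_email "X509v3 Subject Alternative Name:\n email:jdoe@example.test\nX509v3 Key Usage:\n Digital Signature"
foreach {label subject issuer ext} [list \
    "10-digit subject" "CN=DOE.JANE.1234567890"   "CN=COMPANY CA 1" "" \
    "12-digit subject" "CN=DOE.JANE.123456789012" "CN=COMPANY CA 1" "" \
    "UPN in SAN"       "CN=Jane Doe"              "CN=Other CA"     $san_upn \
    "email in SAN"     "CN=Jane Doe"              "CN=Other CA"     $san_email \
    "no match"         "CN=Jane Doe"              "CN=Other CA"     "" \
] {
    puts [format "%-18s -> %s" $label [cert_identity $subject $issuer $ext]]
}
```

The 12-digit case is there because the `regexp` is unanchored: a longer digit run in the subject still matches, and the first 10 digits become the UPN prefix.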