DoD CAC Auth with LTM

Hello, I am attempting to configure our F5s to require user to authenticate using their DoD CAC to gain access to our test apps behind the F5s. Originally, I've tried the following configuration w...

application delivery

cloud

PeteWhite
Aug 17, 2023
If you want to authenticate the user's client certificate on the BIG-IP then you use the Client SSL profile as you have done. When they connect they will be presented with a dialog box asking for a cert, if it is incorrect they will get an SSL error. This can also be done with APM which gives a nicer user experience ie it can tell them what went wrong, or you can do that with iRules.

However, if you then want to present that client certificate to the web server then you need to work out how to do that. Essentially there are two ways - add the client cert in an HTTP header (using an iRule or policy), or present it at the SSL layer using Client Certificate Constrained Delegation (C3D) https://my.f5.com/manage/s/article/K14065425

Forum Discussion

DoD CAC Auth with LTM

Recent Discussions

VPN fragmented IP packets dropped

minimum tmos software version for connect CIS (openshift)

security patch release

redirect not working

Reliable resources for identifying IP addresses

Related Content

BIG-IP Meets DoD’s Needs for Next Level Logging Capabilities

Bolt-on Auth with NGINX Plus and F5 Distributed Cloud

Insert Basic Auth Header

HTTP auth - Calling external API with parameters

You want Modern Auth … for an app or client that’s stuck in the 2010s