APM Client Certificate Validation when using policy evaluate
I am in the process of creating an iRule that uses ACCESS::policy evaluate to run the incoming HTTP request through an APM policy, but I am having issues getting the Client Certificate Validation to work. It is failing even though the provided client certificate is valid and successfully passes the Client SSL profile validation, which is set to require with a list of trusted CAs.
I tried adding logging of the certificate variables in the APM VPE (session.ssl.*) but it is coming up empty, which leads me to believe that when using ACCESS::policy evaluate, the policy is not properly getting the client certificate details.
This is what my iRule basically looks like:
    set flow_sid [ACCESS::session create -timeout 30 -lifetime 30]
    ACCESS::policy evaluate -sid $flow_sid -profile $static::policyName \
        session.logon.last.username [HTTP::username] \
        session.logon.last.password [HTTP::password]
Does anyone know how I can "pass" the client certificate details to the policy? The trivial session.ssl.cert.whole [SSL::cert 0] didn't work 😞