Rysheen_312712
Mar 06, 2017

F5 Authentication with web application using CAC

Currently using F5 Authentication via CAC with a web application. Our web application's authentication is via EDIPI number, so we have to create accounts within the application based on that. What can we do to change from EDIPI to include email address?

 

1 Reply

  • We use a similar method. In the string to query you should have something like the following:

    an EXTRACTEDIPI iRULE

    an Access Policy to call the event

    and within the access policy a custom search string .. (orclsecondaryuid=%{session.custom.edipi})

    The iRULE will look something like this:

        # Take the CN value from the certificate subject and keep what follows its last "."
        set EDIPI [string range [findstr [ACCESS::session data get session.ssl.cert.subject] "CN=" 3 ","] [expr [string last "." [findstr [ACCESS::session data get session.ssl.cert.subject] "CN=" 3 ","]] + 1] end]
        if { [string tolower $EDIPI] equals "blahblah" }  {
          # In that case use the CN text up to its first "." instead
          set EDIPI [findstr [ACCESS::session data get session.ssl.cert.subject] "CN=" 3 "."]
        }

    The CN = 3 is the important part; this is how many spaces from the period "." it will search for the requested information. You would set this to the email portion.
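
Added example (not part of the reply above and not F5 code): the same CN split written in plain Tcl so it runs in tclsh, with a check that the extracted value really is a 10-digit EDIPI before it is placed in the (orclsecondaryuid=...) search string. The proc names, the sample subjects and the LAST.FIRST.MIDDLE.EDIPI layout of the CN are assumptions.

```tcl
# Added example: plain Tcl only, no iRule-specific commands (findstr, ACCESS::).
# Assumption: the CN looks like LAST.FIRST.MIDDLE.EDIPI and an EDIPI is 10 digits.

# Return the CN value from a certificate subject string, or "" if there is none.
proc cn_from_subject {subject} {
    if {[regexp {CN=([^,]*)} $subject -> cn]} { return $cn }
    return ""
}

# Return the last dot-delimited CN field, but only when it is exactly 10 digits.
proc edipi_from_subject {subject} {
    set cn [cn_from_subject $subject]
    set idx [string last "." $cn]
    if {$idx < 0} { return "" }
    set candidate [string range $cn [expr {$idx + 1}] end]
    if {[regexp {^[0-9]{10}$} $candidate]} { return $candidate }
    return ""
}

# Build the search string from the reply; refuse anything that was not validated,
# so characters with meaning in an LDAP filter never reach the query.
proc ldap_filter {edipi} {
    if {![regexp {^[0-9]{10}$} $edipi]} {
        error "refusing to build a filter from an unvalidated value"
    }
    return "(orclsecondaryuid=$edipi)"
}

# Constructed sample subjects (not taken from real certificates).
foreach subject {
    "CN=DOE.JOHN.Q.1234567890,OU=PKI,O=Example,C=US"
    "CN=DOE.JOHN.Q.12345*,OU=PKI,O=Example,C=US"
    "OU=PKI,O=Example,C=US"
} {
    set edipi [edipi_from_subject $subject]
    if {$edipi eq ""} {
        puts "reject: $subject"
    } else {
        puts "[ldap_filter $edipi]  <- $subject"
    }
}
```

In an access policy the validated value would be what gets stored in session.custom.edipi; a subject that fails the check should leave the variable unset so the lookup does not run.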