Client Cert Authentication for BIG-IP MGMT-Custom mapping X509 to AD

Question

I would like to use Client Cert authentication (Microsoft Windows Active Directory server) for authenticating BIG-IP system user accounts, that is, traffic that passes through the management interface (MGMT). Subject and Issuer fields from X509 Certificate are mapped to altSecurityIdentities attribute in AD. X509 Certificate does not contain the sAMAccountName. The user would simply type the name of the account (Username Hint) and the PIN for his smartcard to sign-in to the interface.&nbsp;
Is it possible to map X.509 attributes to altSecurityIdentities in AD to identify a system user during authentication? If the mapping is possible, would please give an example on how custom mapping is done using BIG-IP LTM.&nbsp;

kevin_k_51432 · Answer

Good day,
This page seems to offer quite a bit of information regarding cert-auth and AD:&nbsp;
https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-implementations-12-0-0/29.html&nbsp;
Hope this somewhat helpful!
Kevin&nbsp;

Forum Discussion

Client Cert Authentication for BIG-IP MGMT-Custom mapping X509 to AD

1 Reply

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Tenant image upgrade

Related Content

API Gateway Mapping - Gartner - F5

F5 TIC3.0 Capability Mappings

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

iRules Heat Map - US Only

F5 Network Map to Json with Python