Neil2017_309153
May 25, 2017 · Nimbostratus
Client Cert Authentication for BIG-IP MGMT - Custom mapping X509 to AD
I would like to use Client Cert authentication (Microsoft Windows Active Directory server) for authenticating BIG-IP system user accounts, that is, traffic that passes through the management interface (MGMT). The Subject and Issuer fields from the X509 certificate are mapped to the altSecurityIdentities attribute in AD. The X509 certificate does not contain the sAMAccountName. The user would simply type the name of the account (Username Hint) and the PIN for his smartcard to sign in to the interface.
Is it possible to map X.509 attributes to altSecurityIdentities in AD to identify a system user during authentication? If the mapping is possible, would you please give an example of how custom mapping is done using BIG-IP LTM?