Hi Mathew,
Just completed the quick repro for the selective client certificate authentication. Below is the iRule I came up with...
when CLIENTSSL_HANDSHAKE {
    # A verify result of 0 means the certificate verification reported no error
    if { [SSL::verify_result] == 0 } then {
        # Authenticated user
        set clientCRT 1
    } else {
        # Anonymous user
        set clientCRT 0
    }
}
when HTTP_REQUEST {
    # Branch on the flag set during the SSL handshake
    if { $clientCRT } then {
        # Authenticated user
        HTTP::respond 200 content "Result_Code = [X509::verify_cert_error_string [SSL::verify_result]] | The user \"[X509::subject [SSL::cert 0]]\" is authenticated" "Content-Type" "text/html"
    } else {
        # Anonymous user
        HTTP::respond 200 content "Result_Code = [X509::verify_cert_error_string [SSL::verify_result]] | Anonymous Request" "Content-Type" "text/html"
    }
}
Note: The Client SSL Profile was set to request the Client Certificate with appropriate "Trusted Certificate Authorities" and "Advertised Certificate Authorities" chains in place.
Note2: The included [HTTP::respond 200] commands are for testing purposes. You need to replace these with your original [pool] selection / [HTTP::redirect] code once you've verified the functionality.
Cheers, Kai