Forum Discussion
Kevin_Stewart
Oct 23, 2015
Employee
Add an iRule event agent to the visual policy right after the OCSP auth. Give it an ID of "CERTPROC". Add an iRule to fetch the certificate SAN UPN:
    when ACCESS_POLICY_AGENT_EVENT {
        switch [ACCESS::policy agent_id] {
            "CERTPROC" {
                # Only act when the certificate extensions carry a SAN otherName UPN entry
                if { [ACCESS::session data get session.ssl.cert.x509extension] contains "othername:UPN<" } {
                    # Skip the 14-character "othername:UPN<" marker and read up to the closing ">"
                    ACCESS::session data set session.logon.last.username [findstr [ACCESS::session data get session.ssl.cert.x509extension] "othername:UPN<" 14 ">"]
                }
            }
        }
    }
Add an LDAP Query agent after the iRule event and use the following LDAP filter:
userPrincipalName = %{session.logon.last.username}
If the LDAP query succeeds, you should have a session.ldap.last.attr.sAMAccountName session variable with the user's SAM name.
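
Added example, not part of the original post: an offline Python emulation of the `findstr` extraction above, followed by a shape check and RFC 4515 escaping of the UPN before it goes into an LDAP filter. The sample extension string, the UPN pattern and the function names are assumptions made for illustration; the filter is written in the standard parenthesised form.

```python
import re

# Constructed sample of session.ssl.cert.x509extension (layout assumed for illustration)
SAMPLE_EXT = (
    "X509v3 Subject Alternative Name:\n"
    " othername:UPN<jdoe@example.com>, email:jdoe@example.com\n"
    "X509v3 Key Usage: critical\n"
    " Digital Signature"
)

MARKER = "othername:UPN<"  # 14 characters, which is why the iRule skips 14


def findstr(haystack, needle, skip=0, terminator=None):
    """Emulate iRule findstr: find needle, skip `skip` characters from the
    start of the match, return the text up to (not including) terminator."""
    start = haystack.find(needle)
    if start < 0:
        return ""
    rest = haystack[start + skip:]
    if terminator:
        end = rest.find(terminator)
        if end >= 0:
            rest = rest[:end]
    return rest


# Conservative UPN shape (assumption; tighten to match your directory's naming rules)
UPN_RE = re.compile(r"[A-Za-z0-9._'-]{1,64}@[A-Za-z0-9.-]{1,255}")


def ldap_escape(value):
    """Escape the characters that are special in an LDAP filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def upn_filter(ext):
    """Return the LDAP filter for the certificate UPN, or None when the UPN
    is absent or does not look like user@suffix."""
    upn = findstr(ext, MARKER, len(MARKER), ">")
    if not UPN_RE.fullmatch(upn):
        return None  # fail closed: no filter is built from an unexpected value
    return "(userPrincipalName=%s)" % ldap_escape(upn)


if __name__ == "__main__":
    print(upn_filter(SAMPLE_EXT))
```
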