Layer 7 Access Management

F5 Reverse Proxy Server passing http headers to SSO Web Agent

  • 1.  F5 Reverse Proxy Server passing http headers to SSO Web Agent

    Posted 02-07-2019 02:00 PM

    SiteMinder webagent installed 12.52 SP1 on Windows 2008 Server, IIS7.0. Web agent was able to retrieve certificate information when F5 reverse proxy server was set to "pass through mode". When the F5 was set to mode 4 passing certificate information via http header Web agent throws error message: [Failed to get either Certificate or Forms credentials.]
    How can the siteminder retrieve the necessary header information processed by the F5 to authenticate and authorize https requests? What http header variables is SiteMinder looking for?

     


    Is there an ACO that needs to be set to pick up the header certificate data that the F5 is passing back to the webagent? How does the webagent get the certificate information in order to process the HTTPS request? F5 configuration to pass back certificate information:

     

    snapshot of F5 iRule:

     

    HTTP::header insert "CERT_SUBJECT" $subj
    HTTP::header insert "CERT_ISSUER" [X509::issuer [SSL::cert 0]]
    HTTP::header insert "CERT_SERIALNUMBER" [X509::serial_number $ssl_cert]
    HTTP::header insert "SSL_CLIENT_CERT" [b64encode [SSL::cert 0]]