ltm rule command MQTT username
iRule(1) BIG-IP TMSH Manual iRule(1)
MQTT::username
Get or set user-name field of MQTT CONNECT message.
SYNOPSIS
MQTT::username (NAME)?
DESCRIPTION
This command can be used to get or set username field of MQTT message. This command is valid only for
following MQTT message types:
CONNECT
Syntax
MQTT::username [ ]
MQTT::username
* Get the user-name field of MQTT CONNECT message.
MQTT::username
* Set the user-name field of MQTT CONNECT message to specified string.
RETURN VALUE
When called without an argument, this command returns the user-name field of MQTT CONNECT message.
VALID DURING
MQTT_CLIENT_INGRESS MQTT_SERVER_INGRESS MQTT_CLIENT_DATA MQTT_SERVER_DATA MQTT_CLIENT_EGRESS
MQTT_SERVER_EGRESS
EXAMPLES
#Enrich MQTT username with SSL client-certificate common name, reject unauthorized accesses:
when CLIENT_ACCEPTED {
set cn ""
}
when CLIENTSSL_CLIENTCERT {
set cn [ lindex [ split [lindex [ split [X509::subject [SSL::cert 0]] "," ] 0 ] "=" ] 1 ]
log local0. "Client Cert Common Name: $cn"
}
when MQTT_CLIENT_INGRESS {
if {[MQTT::type] == "CONNECT"} {
if {$cn == ""} {
MQTT::drop
MQTT::respond type CONNACK return_code 5
} else {
set user [MQTT::username]
MQTT::username "$cn:$user"
}
}
}
HINTS
SEE ALSO
CHANGE LOG
@BIGIP-13.0.0 --First introduced the command.
BIG-IP 2020-06-23 iRule(1)