Hello devs! Happy 2018 guys!
We have an APM in our environment serving as VPN. The policy first authenticates the user against AD and afterwards talks to an SMS device users can receive their two fact...
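when ACCESS_POLICY_AGENT_EVENT {
    # Run only for the iRule Event agent whose ID is "irule_SMS"
    if { [ACCESS::policy agent_id] eq "irule_SMS" } {
        # Record pool health in a session variable for the branch rule to test
        if { [active_members pool_SMS] > 0 } {
            ACCESS::session data set session.custom.sms_server "up"
        } else {
            ACCESS::session data set session.custom.sms_server "down"
        }
    }
}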
The policy was like this:
The iRule event like this:
And the branch rule like this:
Believe it or not, I got stuck because I forgot to apply this iRule under the VS that this APM policy is running.
Session variables were logged like this:
5c319b08.session.custom.sms_server 4 down
e33364e8.session.custom.sms_server 2 up
In this specific test, the result was that when pool_SMS was available (active members were greater than zero), the user got the logon page, and when pool_SMS was down (active members were zero), the user got the message box. Now I just have to replicate this in my environment before the MFA policy block.
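A check for the mistake described above (event agent present in the policy, iRule not attached to the virtual server), as an added example that is not part of the original post: it reads session-variable lines in the shape logged above and reports, per session, whether session.custom.sms_server was ever set. It assumes the middle field is the length of the value; every sample line other than the two from the post is constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the "<sid>.<variable> <length> <value>" shape of the
# two lines in the post. Session a1b2c3d4 is constructed to show the failure
# case: the policy ran, but the iRule never set the custom variable.
SAMPLE = """\
5c319b08.session.custom.sms_server 4 down
5c319b08.session.logon.last.username 5 alice
e33364e8.session.custom.sms_server 2 up
e33364e8.session.logon.last.username 3 bob
a1b2c3d4.session.logon.last.username 5 carol
"""

LINE = re.compile(
    r"^(?P<sid>[0-9a-f]+)\.(?P<var>session\.\S+) (?P<len>\d+) (?P<val>.*)$"
)
SMS_VAR = "session.custom.sms_server"


def parse(dump):
    """Group variables by session ID, skipping lines that do not parse."""
    sessions = defaultdict(dict)
    for raw in dump.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        # Assumption: the middle field is the value length (4 "down", 2 "up").
        if int(m["len"]) != len(m["val"]):
            continue
        sessions[m["sid"]][m["var"]] = m["val"]
    return dict(sessions)


def sms_state(dump):
    """Map each session ID to 'up', 'down', or 'unset'."""
    states = {}
    for sid, variables in parse(dump).items():
        value = variables.get(SMS_VAR)
        # 'unset' means the event handler never ran for this session, which
        # is what a missing iRule on the virtual server looks like.
        states[sid] = value if value in ("up", "down") else "unset"
    return states


if __name__ == "__main__":
    for sid, state in sms_state(SAMPLE).items():
        print(sid, state)
```

A session reported as "unset" is worth checking against the branch rule, since the rule is then comparing against a variable that does not exist.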