Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Verify that user name when logging in is an Email address

We have implemented an APM on our system to bring multiple systems into one central portal. It works well as long as everything is entered correctly, but I discovered one bug today. They way it works is it initially looks at the subnet that the user is connecting with. If they are are on a corporate subnet, it authenticates via NTLM. If they are on an external subnet, it takes them to an logon page. The external logon page is also used by several of our customers and they have accounts created in our external domain. This branch of the APM looks at email address on the logon and then decides to route to either our internal DC for authentication (if the logon contains *@mycompany.com) or to the external DC if it contains anything else (we have multiple external emails that are mapped to external domain accounts).

I have the logon box labeled "Email", but i have found that if the user logs in with anything other than email address, such as first.last, it automatically creates a session to authenticate against the external domain, since it did not contain *@mycomany.com, and every attempt after will fail. If email is put in, it works proper every time.

Does anyone have a way to verify at the logon page that there is an "@" symbol in the logon before it moves down the APM flow? That or either loop back through full APM on every logon attempt.

Thanks,

Mike

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Sorry, please locate the foreach loop below and add a case for email and it should works now :

switch( $field_settings["type"] ){
        case "select":
            foreach( $options as &$o ){
                $fieldStr .= "<option value=\"{$o}\" ".( $field_settings["value"] == $o ? 'selected' : '' ).">{$o}</option>";
            }
            $fieldStr = "<select name='{$field_settings["name"]}' id='input_{$id}' class='credentials_input_{$field_settings["type"]}{$_disabled}' {$disabled}>{$fieldStr}</select>";
        break;
        case "radio":
            foreach( $options as $k=>&$o ){
                $fieldStr .= "<div class='radio-div'><input type='radio' value=\"{$o}\" name='{$field_settings["name"]}' id='input_{$id}_{$k}' ".( $field_settings["value"] == $o ? "checked" : "" )." {$disabled}/><label for='input_{$id}_{$k}' id='label_input_{$id}_{$k}' class='radio-label' style='display: inline'>{$o}</label></div>";
            }
        break;
        case "checkbox":
        case "text":
        case "password":
            $fieldStr = "<input type='{$field_settings["type"]}' name='{$field_settings["name"]}' class='credentials_input_{$field_settings["type"]}{$_disabled}' value='{$field_settings["value"]}' id='input_{$id}' autocomplete='off' autocapitalize='off' {$disabled}/>";
        break;
        case "email":
            $fieldStr = "<input type='{$field_settings["type"]}' name='{$field_settings["name"]}' class='credentials_input_{$field_settings["type"]}{$_disabled}' value='{$field_settings["value"]}' id='input_{$id}' autocomplete='off' autocapitalize='off' {$disabled}/>";
        break;
    }
1
Comments on this Answer
Comment made 06-May-2016 by Yann Desmarest 4499
Just to precise that the email input is html5. It may be not supported on F5. If the above code fails. I would recommend to create a macro on the vpe that include the logon page with an additional branch that look for an email within the username variable (you can use a tcl expr). If the user goes to the fallback branch, You loop until the user set something that can be à valid email address in the field.
0
Comment made 06-May-2016 by mike.drennen 268
That works perfect. thanks a lot.
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hello,

You can modify the logon page to add input validation so that normal users will not be able to submit anything except email addresses. You can do this by changing the input type in the Advanced Customization settings. Locate the logon.inc used by your access profile and change

1 => array( "type" => "text", "name" => "username", "varname" =>"username", "rw" => "1", "caption" => '%[logon_field_1]', "selectvalues" => "" ),

by

1 => array( "type" => "email", "name" => "username", "varname" =>"username", "rw" => "1", "caption" => '%[logon_field_1]', "selectvalues" => "" ),

0
Comments on this Answer
Comment made 06-May-2016 by mike.drennen 268
Thanks for the response, that definitely looks like exactly where i need to be making changes. When i changed the field settings to "email", it removed the text box when i go to the logon screen. If i leave it "text" or set it to "password", it does as expected.
0