APM domains: How to switch based on user input?
As part of a project to migrate some users away from Microsoft ISA Server to F5 APM, I'm trying to replicate how a certain form works, to keep end-users from noticing and/or panicking. 🙂
The form has "username" and "password" text boxes, and a set of radio buttons for "domain". That's all easy enough. The user can select a domain, enter credentials, and things work. In the VPE, the logon form has several branches like this:
expr { [ mcget "session.logon.last.domain" ] equals "DOMAINNAMEHERE" }
After that, there are separate AD Auth actions, and suitable SSO mappings. Almost everything works. Almost ...
There's an edge case that doesn't work. If you select one domain, attempt to login, then switch domains, APM doesn't catch that, and keeps trying to authenticate against whichever domain you selected first.
How can I adjust my policy, to handle the case where the user switches the "domain" radio button?