NimbostratusHey Guys,
Could anyone advise how I can send:
HTTP::header insert USER "[ACCESS::session data get session.logon.last.username]"
HTTP::header insert DOMAIN "[ACCESS::session data get session.custom.domain]"
to the back end servers once user is authenticated using VPE ?
Thanks,
NacreousThis page will tell you what you need to know. More specifically the New events section... https://devcentral.f5.com/articles/http-event-order-access-policy-manager
Given the logs shows the ACCESS events do not appear to be triggered in APM+LTM mode the new events allow you to take actions post APM. The middle iRule is what you need. The others were just to confirm the behaviour.
when ACCESS_POLICY_COMPLETED {
log local0. "in ACCESS_POLICY_COMPLETED 500"
if {[ACCESS::policy result] eq "allow"} {
HTTP::header insert USER "[ACCESS::session data get session.logon.last.username]"
HTTP::header insert DOMAIN "[ACCESS::session data get session.custom.domain]"
}
}
when HTTP_REQUEST_RELEASE priority 200 {
log local0. "in HTTP_REQUEST_RELEASE 200"
HTTP::header insert USER "[ACCESS::session data get session.logon.last.username]"
HTTP::header insert DOMAIN "[ACCESS::session data get session.custom.domain]"
}
when HTTP_REQUEST_RELEASE priority 900 {
log local0. "in HTTP_REQUEST_RELEASE 900"
log local0. "Headers [HTTP::header names]"
}
CumulonimbusHi,
the ACCESS_ACL_ALLOWED is the best event to insert APM headers.
when ACCESS_ACL_ALLOWED {
if {![info exists APMusername]} {
set APMusername [ACCESS::session data get session.logon.last.username]
}
if {![info exists APMdomain]} {
set APMdomain [ACCESS::session data get session.custom.domain]
}
HTTP::header insert USER $APMusername
HTTP::header insert DOMAIN $APMdomain
}
Store these values in tcl variables for next requests,
ACCESS::session