Forum Discussion

eLeCtRoN's avatar
eLeCtRoN
Icon for Cirrus rankCirrus
Dec 03, 2014

Changing/Manipulate the value of an access policy session variable

Hi,

 

my question is, I want to do a access policy in APM first ist the Logon Page -> RSA SecureID Server Auth -> (iRule Event) -> variable assignment -> Active Directory Auth -> SSO credential mapping -> to a Webtop with OWA

 

a perfekt example is on this page https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-on-11-6-0/6.html (in the middel of the page) soooo but in my case is the main reason the username. The username at the RSA SecureID Server is rsa_testuser and the name of the user in Active Directory is just testuser, is it possible to change the username who is inside the variable to cut the "rsa_" ?

 

here is a good idea to do that https://support.f5.com/kb/en-us/solutions/public/13000/200/sol13296.html but in this example change the complete username to always the same username ! At the Logon Page I want to set just the RSA_Username + Passcode (PIN+RSAToken) and the AD password not more ! Maybe someone has a idea/solution for that.

 

thanks, best regards Manuel

 

application delivery
BIG-IP Access Policy Manager (APM)
devops
iRules
LTM
microsoft
security

4 Replies

Sort By
  • eLeCtRoN's avatar
    eLeCtRoN
    Icon for Cirrus rankCirrus
    Dec 03, 2014

    Hi,

     

    thanks for your answer, is it possible to get an example iRule which show me how do use the "string trimleft" for my case ?

     

    when ACCESS_POLICY_AGENT_EVENT {

     

    if { [ACCESS::policy agent_id] eq "change_username" } {

     

    Cut/Change session variable to correct value

     

    ACCESS::

     

    }

     

    }

     

    it would be pretty cool could someone correct or extend the iRule for my case !?

     

    thx, best regards Manuel

     

  • Walter_Kacynski's avatar
    Walter_Kacynski
    Icon for Cirrostratus rankCirrostratus
    Dec 03, 2014

    Try this:

    when ACCESS_POLICY_AGENT_EVENT {    
   if { [ACCESS::policy agent_id] eq "change_username" } {
   Cut/Change session variable to correct value
   set new_username [string trimleft [ACCESS::session data get "session.logon.last.username"] "ras_"]
   ACCESS::session data set "session.logon.custom.username"] new_username
}
}