Sarthak_Mohant1
Jul 25, 2018Nimbostratus
Capture Device ID(ASM Fingerprint) within an access policy under APM module.
Hi Team,
I need your assistance in achieving below requirement.
Currently the requirement is to utilize ASM generated device ID/ fingerprint within an access policy to achieve Multi-Factor Authentication after usual AD authentication & AD Query components are executed successfully.
I'm able to log different ASM components including fingerprint by using an iRule as below: when ASM_REQUEST_DONE { log local0. "DEBUG: ASM_REQUEST" set fp [ASM::fingerprint] set ip [ASM::client_ip] set sig [ASM::signature ] set st [ASM::status] set si [ASM::support_id] set ip [IP::client_addr] log local0. "Obtained client Fingerprint, IP Address, Signature List, Request Status & Support ID are respectively $fp, $ip, $sig, $st and $si" }
However needing assistance currently to find a way by which this fingerprint can be passed to the access policy for further verification & if it's for a new user/ device, it needs to be stored under AD further.
Can anyone suggest, how the Device Id (fingerprint) that is captured as part of a user log-in can be passed/ captured with the APM access policy & passed though the access policy further? I was looking at iRule event in an access policy, but it's event are specific & probably with this requirement can't be used. Also is there a way to create a temporary session variable to store this Device ID (fingerprint) for each session? if possible, can anyone give an example how to fetch the fingerprint & store it in custom cookie or session variable. Many thanks in advance.