Forum Discussion

Sarthak_Mohant1
Jul 25, 2018

Capture Device ID(ASM Fingerprint) within an access policy under APM module.

Hi Team,

    I need your assistance in achieving the below requirement.


    Currently the requirement is to utilize ASM generated device ID/ fingerprint within an access policy to achieve Multi-Factor Authentication after usual AD authentication & AD Query components are executed successfully.

I'm able to log different ASM components including fingerprint by using an iRule as below:

    when ASM_REQUEST_DONE {
        log local0. "DEBUG: ASM_REQUEST"
        set fp [ASM::fingerprint]
        set ip [ASM::client_ip]
        set sig [ASM::signature]
        set st [ASM::status]
        set si [ASM::support_id]
        set ip [IP::client_addr]
        log local0. "Obtained client Fingerprint, IP Address, Signature List, Request Status & Support ID are respectively $fp, $ip, $sig, $st and $si"
    }

However, I currently need assistance to find a way by which this fingerprint can be passed to the access policy for further verification & if it's for a new user/ device, it needs to be stored under AD further.

Can anyone suggest how the Device ID (fingerprint) that is captured as part of a user log-in can be passed/ captured with the APM access policy & passed through the access policy further? I was looking at the iRule event in an access policy, but its events are specific & probably can't be used with this requirement. Also, is there a way to create a temporary session variable to store this Device ID (fingerprint) for each session? If possible, can anyone give an example of how to fetch the fingerprint & store it in a custom cookie or session variable? Many thanks in advance.

1 Reply

  • Hi Sarthak,

     

    You can pass the ASM Device ID as part of an HTTP header to APM.

     

    So basically, it will be a three-step process:

     

    1) Insert ASM Device ID to HTTP Header.

     

    Inside your existing ASM iRule, add this code:

     

    when ASM_REQUEST_DONE {
        set device_id [ASM::fingerprint]
        set ip [IP::client_addr]
        log local0. "Device ID: $device_id, IP: $ip"
    }

    when HTTP_REQUEST_SEND {
        clientside {
            # Need to force the host header replacement and HTTP:: commands into the clientside context
            # as the HTTP_REQUEST_SEND event is in the serverside context
            HTTP::header insert "device_id" "$device_id"
        }
    }

     

    2) Extract Device ID from HTTP Header and set it as a custom variable in APM.

     

    Create a new iRule and call it in your APM policy:

     

    when CLIENT_ACCEPTED {
        ACCESS::restrict_irule_events disable
    }

    when ACCESS_SESSION_STARTED {
        # Push the device id from the HTTP header to the access policy. Below line brings the device_id value from ASM iRule to APM iRule.
        set device_id [HTTP::header value "device_id"]
        log "http request to [HTTP::uri] with device_id: $device_id"
        ACCESS::session data set "session.custom.device_id" "$device_id"
        # Above line defines the custom device_id variable for APM session because in APM device_id variable does not exist.
    }

     

    3) Now you can use this new APM session variable in your access policy: [ACCESS::session data get "session.custom.device_id"]

     

    I hope it helps.

     

    Regards
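
A hardened variant of steps 1 and 2 above, as an added example that is not part of the original reply: a header named device_id can also be sent by the client, so this version drops any client-supplied copy before the ASM value is written and checks the value before storing it in the session. It assumes the two iRules are attached as the reply describes; the 128-character bound and the log messages are assumptions, not ASM-documented values.

```tcl
# --- iRule 1: attached where the ASM policy runs ---
when HTTP_REQUEST {
    # Remove every device_id header the client may have sent,
    # so only the value written below can reach the next hop.
    HTTP::header remove "device_id"
}

when ASM_REQUEST_DONE {
    set device_id [ASM::fingerprint]
}

when HTTP_REQUEST_SEND {
    clientside {
        # device_id is unset if ASM_REQUEST_DONE never fired (for example,
        # ASM disabled for this request); send nothing in that case.
        HTTP::header remove "device_id"
        if { [info exists device_id] && $device_id ne "" } {
            HTTP::header replace "device_id" $device_id
        }
    }
}

# --- iRule 2: attached where the APM access policy runs ---
when CLIENT_ACCEPTED {
    ACCESS::restrict_irule_events disable
}

when ACCESS_SESSION_STARTED {
    set device_id ""
    # Accept the header only when exactly one copy is present.
    if { [HTTP::header count "device_id"] == 1 } {
        set device_id [HTTP::header value "device_id"]
    }
    # Length bound is an assumed sanity limit, not an ASM-documented size.
    if { $device_id eq "" || [string length $device_id] > 128 } {
        log local0.warning "device_id missing or malformed for [IP::client_addr]"
        ACCESS::session data set "session.custom.device_id" ""
        return
    }
    ACCESS::session data set "session.custom.device_id" $device_id
}
```

With an empty session.custom.device_id, a branch in the access policy can route the session to the stricter path instead of treating the device as known.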