Sam_Hall
Oct 12, 2015

APM iRule Event in a macro loop

On LTM 11.6. I've implemented a Google Authenticator Access Policy a little differently than the policy designed by George Watkins. Instead of using "Redirect to error login page" I have my login page in a macro with a loop...

What I'm noticing is that APM is ignoring changes to session data after the 1st time the iRule Event fires. For example, user enters the wrong OTP code 1st time around and then the correct OTP code on the second time through the loop...

  1. iRule sets the session.custom.otp_result to 1
  2. APM correctly branches to OTP Failed message
  3. Next time, iRule sets session.custom.otp_result to 0
  4. APM still thinks session.custom.otp_result is 1 and branches to OTP Failed message

At the end of my iRule I've added logging:

    ACCESS::session data set session.custom.otp_result $otp_result
    log local0. "Result: $otp_result"
    log local0. "Session: [ACCESS::session data get session.custom.otp_result]"

Which output:

    Rule /Common/otp_verify_apm_irule : Result: 0
    Rule /Common/otp_verify_apm_irule : Session: 0

And the APM "Logging" dealy directly after the iRule Event outputs the following...

session.custom.otp_result is 1

What's going on here? Is this a bug?

3 Replies