Squeak
Oct 08, 2019Cirrus
Irule to match two APM variables
I need some help with an Irule that should have this logic,
The attribute "samlattr" must match the value "employeeID" if there are a match the VPE should continue. If there are no match, the session should be terminated.
The variable "session.saml.last.attr.name.xyz" originates from a external IDP.
The variable "session.ldap.last.attr.employeeID" are a local AD attribute.
I´ve created this Irule, but it dosen´t seems to be working.
when ACCESS_POLICY_AGENT_EVENT {
set samlattr [ACCESS::session data get "session.saml.last.attr.name.xyz"]
set employeeID [ACCESS::session data get "session.ldap.last.attr.employeeID"]
if { [ class match $samlattr eq $employeeID] } {
} else {
discard
}
}
Any takes?