Forum Discussion

Sharank
Aug 16, 2018

F5 APM SSL VPN RESOURCE Assign.

Hi,

We are implementing an F5 APM SSL VPN solution and have the following query.

1) Can a user be assigned resources based on his group (AD query) and user name simultaneously?

I know we can assign resources based on either group (AD query) or user name.

But since the user will already be authenticated by AD before the AD query, can we assign resources based on both his AD group and individual name at the same time?

Please, I need your suggestions/guidance.

Regards, Sharan Kumar


4 Replies

  • Within advanced resource assignment, go to the expression, then the Advanced tab, and type:

    expr { [mcget {session.ad.last.attr.memberOf}] contains "CN=MY_GROUP, CN=Users, DC=MY_DOMAIN1" && [mcget {session.logon.last.username}] equals "username" }
    

    Please replace the username and domain group with the correct values.

    Cheers,

    Kees

  • Hi Sharank,

    Through F5 APM, the user who creates a session has session variables, and in my opinion you could imagine the workflow you want and attach the Full Resources Assign by using:

    session.logon.last.username
    
    and
    
    session.ad.last.attr.memberof
    
    or if ldap is used, the session variable is:
    
    session.ldap.last.attr.memberof
    

    Regards.

  • In access policy advanced resource assign, if a user matches multiple rules (one for groups and one for username, for example), he will have all resources from these rules!
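
Added example, not part of any reply above and not F5 code: a small Python model of the rule evaluation the replies describe, where a combined group-and-username rule sits beside single-condition rules and every matching rule contributes its resources. It also contrasts a substring `contains` test on `memberOf` with an exact DN comparison, which matters when one group name is a prefix of another. Assumptions: the multi-valued `memberOf` variable is stored as `| dn1 | dn2 |`, and the resource names and the users other than the thread's `username` placeholder are hypothetical.

```python
# Added model of Advanced Resource Assign rule evaluation; not F5 code.
GROUP_DN = "CN=MY_GROUP,CN=Users,DC=MY_DOMAIN1"  # placeholder from the thread

def normalize_dn(dn):
    # Compare DNs case-insensitively and ignore spaces around commas.
    # Naive split: does not handle escaped commas inside an RDN value.
    return ",".join(part.strip().lower() for part in dn.split(","))

def member_of(session):
    # Assumption: multi-valued memberOf is stored as "| dn1 | dn2 |".
    raw = session.get("session.ad.last.attr.memberOf", "")
    return {normalize_dn(v) for v in raw.split("|") if v.strip()}

def in_group(group_dn):
    return lambda s: normalize_dn(group_dn) in member_of(s)

def is_user(name):
    return lambda s: s.get("session.logon.last.username") == name

def both(*preds):
    return lambda s: all(p(s) for p in preds)

def contains(substr):
    # Substring test, like a `contains` expression on the raw variable.
    return lambda s: substr in s.get("session.ad.last.attr.memberOf", "")

# Hypothetical resource names; each rule is (expression, resources).
RULES = [
    (in_group(GROUP_DN), {"webtop_staff"}),
    (is_user("username"), {"rdp_personal"}),
    (both(in_group(GROUP_DN), is_user("username")), {"na_full_tunnel"}),
]

def assign(session, rules=RULES):
    # Every matching rule contributes; the result is the union.
    granted = set()
    for expr, resources in rules:
        if expr(session):
            granted |= resources
    return granted

# Constructed sample sessions.
ALICE = {"session.logon.last.username": "username",
         "session.ad.last.attr.memberOf": "| CN=MY_GROUP,CN=Users,DC=MY_DOMAIN1 |"}
BOB = {"session.logon.last.username": "bob",
       "session.ad.last.attr.memberOf": "| CN=MY_GROUP_ADMINS,CN=Users,DC=MY_DOMAIN1 |"}
```

In this model `assign(ALICE)` returns all three resources and `assign(BOB)` returns none, while `contains("CN=MY_GROUP")(BOB)` is true, so a shortened pattern would have granted the group rule to a member of a different group.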