Forum Discussion
NimbostratusAPM - choose a policy branch based on a checkbox status on login page
Is it possible to choose a branch in APM security policy based on a checkbox status captured on the login page (in essence I need a non-interactive equivalent of the standard Decision Box policy element)? I feel this should be possible but do not want to invite a bicycle here - has anybody done something similar?
10 Replies
Yann_DesmarestCirrus
Hi,
You can add a check box field in the logon page object by select a "checkbox" type.
Then, you can add a branch rule to the logon page object and you specify an advanced expression :
expr { [mcget {session.logon.last.field3}] == 1 }
Nikolay_MatveevBrilliant. Thank you very much! A branch with mcget is a bicycle indeed! :)
Yann_Desmarest_Nacreous
Hi,
You can add a check box field in the logon page object by select a "checkbox" type.
Then, you can add a branch rule to the logon page object and you specify an advanced expression :
expr { [mcget {session.logon.last.field3}] == 1 }- Nikolay_MatveevBrilliant. Thank you very much! A branch with mcget is a bicycle indeed! :)
JoeTheFifthAltostratus
I had the same requirement. I added a checkbox and an expr. The checkbox is on logonpage and starts password reset workflow. This flow only works if I leave user/password empty => check the box and click logon If I enter a bad user and or bad password and get access denied and back to the logon page the reset password flow does not work anymore, meaning if I check the box (I forgot my password) and click logon then flow resumes the logon attempts and bypasses the expr branch. I guess I'll have to add some javascript to reset the logonpage when this checkbox is checked. Anyone with a better solution?
- JoeTheFifth
Been a long time :-) I created a macro with a loop count of 3 and put the ad auth retry count to 1.
- JoeTheFifth
now after having worked with a relatively complex policy for a while I went back to testing the whole setup and can not make this checkbox variable return 1 !!! If checked the checkbox variable shows up in the apm log. if not checked it does not show. I even created a brand new policy with no irules and cannot get the checkbox to return 1 when checked !! I might have to start with a fresh install of the bigip vm.
- JoeTheFifth_453
Been a long time :-) I created a macro with a loop count of 3 and put the ad auth retry count to 1.
- JoeTheFifth_453
now after having worked with a relatively complex policy for a while I went back to testing the whole setup and can not make this checkbox variable return 1 !!! If checked the checkbox variable shows up in the apm log. if not checked it does not show. I even created a brand new policy with no irules and cannot get the checkbox to return 1 when checked !! I might have to start with a fresh install of the bigip vm.
- JoeTheFifth
ok. Found it. I was playing with the web_host.js to debug a logonpage javascript error and commented this line return (window.external && typeof window.external === 'object'); I forgot to uncomment it.
DefaultExternalWebHostImpl.prototype.isAvailable = function() { return (window.external && typeof window.external === 'object'); }
I still have the logonpage error when an office client call trigger the apm auth with the mini ie browser. I will open another thread for this error.
