APM - Radius Class matching

Question

Hi,&nbsp;
Have set up APM for remote login to our company, and for the most part everything works just fine.
For the "normal" user there is a combined RSA/Radius and AD authentication process to get the two-factor authentication.&nbsp;
The problem that I have now is login for some partners and support organizations.
As they do not have AD accounts I can not assign resources based on AD groups.
I need to match the radius class (i believe it is class 25) to assign resources. This is done in the current remote access solution that is in place right now (pulse secure), but I can't get my head around it in APM.&nbsp;
As I understand it it should be located in the variable: session.radius.last.attr.class
But I can't make anything of the hex string presented there...
I have set up a test account in radius that has the class set to "F5-Test", but I am unable to find this anywhere. &nbsp;
Any ideas on how this is done in APM, if it is even possible to do???&nbsp;
//A&nbsp;

josiah_39459 · Answer

When you make a branch expression (for example in the Advanced Resource Assign Agent), if you refer to the pre-built "RADIUS Class Attribute" instead of session.radius.last.attr.class you should be able to deal with it as if it were plain text.&nbsp;
In a irule or similar you would have to do a fairly complicated decoding, but it sounds like for your needs the pre-built "RADIUS Class Attribute" branch rule variable should work fine.&nbsp;

Forum Discussion

APM - Radius Class matching

Recent Discussions

AS3 Limitations

Diameter iRules attachment?

Help needed with iRule (connection closed log )

Use of SSL Decryption.

VLAN Failsafe Functionality

Related Content

iRule based RADIUS Client Stack

/32 IPs in Datagroup class match not matching

iRule based RADIUS Health Monitor Builder

iRule based RADIUS Server Stack

Class match with starts_with - Data group matching order

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS