Forum Discussion

Bazsi1's avatar
Bazsi1
Icon for Nimbostratus rankNimbostratus
Apr 29, 2021

APM Advanced Resource Assignment from iRule

Hi All,

I'm working on a dynamically assigned RDP solution based on this and a comment on this article but I'm completely stuck with assigning resources from iRule. I've created a simple LAB environment:

The Advanced Resource Assign contains a webtop and a RDP with user defined destination. The iRule event after this looks like this:

when ACCESS_POLICY_AGENT_EVENT {
  if {[ACCESS::policy agent_id] equals "DynRDP"}
  {
    set RDP "/Common/RDP_1"
    ACCESS::session data set session.assigned.resources.rd1 $RDP
  }
}

After checking the test session's variables the variable assigned indeed but the RDP_1 resource doesn't appear. I've tried a few things like placing the iRule event before the webtop assign or remove all rdp resources and assign only one with ...resources.rd but no luck.

I'm running on 15.1.3 at the moment. 

Can you please guys point me to the right direction?

  • Which variable is used to set the destination in RDP_1? I understand that's not static and something you want end user to set? Then end user should have option to fill that in the login form or message box and you can take it from the variable is what I think.

  • Bazsi1's avatar
    Bazsi1
    Icon for Nimbostratus rankNimbostratus

    Thanks for your reply SanjayP!

    The main goal would be to dynamically assign up to n nubmers of RDP resources to the session based on a comma separated list from a AD attribute. In the meantime I came to a new idea about the solution. So:

    There are for example 10 RDP resources, each with it's own variable containing the destination. In the RDP resource we can pass this like this:

    After the AD query I can phrase the values in an iRule like:

    when ACCESS_POLICY_AGENT_EVENT {
    	if {[ACCESS::policy agent_id] eq "RDP_phraser"}
    	{
    		set addresslist [ACCESS::session data get {session.ad.last.attr.myCustomAttribute}]
    		set addressarray [split $addresslist ","]
    		set n 1
    		foreach address $addressarray {
    			ACCESS::session data set session.custom.rdp_$n $address
    			incr n
    		}
    	}
    }

    And instead of assigning the resource from the iRule, I assign all of them based in their own variable. If there is a destination then the resource should appear if it is empty it should not.