APM authentication User ID changed by application query

The answer is yes, no, and possibly. Yes APM can perform lookups, but no it can't talk directly to a (SQL) database. You can, possibly, still get this to work if you're willing to stand up a web service in front of your database to handle the actual DB querying. In this fashion, APM can perform a sideband call to the web service, mid-policy, and query for the SAM. In any case, most of the authentication agents in the visual policy require the same two session variables: session.logon.last.username and session.logon.last.password. The logon page also produces the same two variables, so between the logon page, the sideband call (via iRule agent), and the AD auth agent, you'll need to store the real username into a separate variable so that the SAM value can be written into the username variable.

 

 

Alternatively, if you can store these application account values in the AD user account (via added schema objects) then you can do an AD/LDAP query directly in APM, which would be much simpler.