Forum Discussion
rafaelbn_176840
Altocumulus
AltocumulusAPM conditional policy
Hello devs! Happy 2018 guys!
We have an APM on our environment serving as VPN. The policy first authenticates the user against AD and after talks to a SMS device users can receive their two fact...
rafaelbn
Cirrostratus
CirrostratusWoohoooo!
It worked!!! \o/
This is the final iRule.
when ACCESS_POLICY_AGENT_EVENT {
if { [ACCESS::policy agent_id] eq "irule_SMS" } {
if {[active_members pool_SMS] > 0} {
ACCESS::session data set session.custom.sms_server "up"
} else {
ACCESS::session data set session.custom.sms_server "down"
}
}
}
The policy was like this:
The iRule event like this:
And the branch rule like this:
Believe it or not, I got stuck because I forgot to apply this iRule under the VS that this APM policy is running.
Session variables were logged like this:
5c319b08.session.custom.sms_server 4 down
e33364e8.session.custom.sms_server 2 up
In this specific test, the result was that when the pool_SMS was available (active members were greater than zero), user got the logon page and when pool_SMS was down (active members was zero), user got the message box. Now I just have to replicate this on my environment before the MFA policy block.
Thanks Daniel! Really appreciate the help!
