APM Dual Authentication - AD and localdb

Question

I am trying to setup a logon page that would use the username, password, and a third field. The username will match in AD and the localdb but the password for AD will differ from the localdb. The localdb password would simulate a static PIN. I am sure I need to use a mcget but how do I tell the LocalDB Auth object to use the third field variable instead of the session.logon.last.password ?

seth_cooper · Answer

On the logon page you will have three variables (username, password, local_pass) and after you perform the AD auth (it will use session.logon.last.username and session.logon.last.password) you will then need to do a variable assign action to assign session.logon.last.local_pass to session.logon.last.password.  &nbsp;
The next step would be the LocalDB auth which will also use the session.logon.last.username and session.logon.last.password.&nbsp;
Check out this DevCentral article and see if it helps.&nbsp;
https://devcentral.f5.com/questions/f5-apm-mutiple-authentication-method&nbsp;
Regards,&nbsp;
Seth &nbsp;

kyle_s · Answer

Seth, That is exactly what I was looking for. I never used the Variable Session object before. I am just working through making it work off the LocalDB, it isn't authenticating correctly even though I made the pass 1234. I figured I couldn't misspell that. &nbsp;
Thanks for the help&nbsp;

seth_cooper · Answer

Hey Kyle,&nbsp;
Can you share your session logs for the attempt?  Can you send us a screenshot of the VPE?  If you setup a different policy and just use logon page and localdb auth can you make it work?&nbsp;
Seth&nbsp;

kyle_s · Answer

Seth,&nbsp;
I tested it with just the local DB and that worked. The VPE is basically a Logon page, AD Auth object, followed by the Session Variable, then the LocalDB. It appears in the APM session logs that the field3 from the Logon Page (4 digit pin) is not changing from the session.logon.last.token to session.logon.last.password. I get the session variable 'session.logon.page.errorcode' set to '1000'. I think the issue is in the Session Variable object. Funny that just yesterday, I had to use this but set the username and password from here. The username I had to use text and the password was a return {xxxxxx}. &nbsp;
thanks, Kyle&nbsp;

seth_cooper · Answer

Hi Kyle,&nbsp;
From your description it appears your variable assign is not working properly.  Can you provide the variables used on the logon page, and the variables and expressions used in the variable assign?&nbsp;
Seth&nbsp;

Forum Discussion

APM Dual Authentication - AD and localdb

9 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5 Networks F5CAB1 Exam - Need Help Regarding Prep

Username is not filled in EdgeClient in the Modern customization

The GSLB pool is providing an incorrect IP to end users

iRule causing requests to be duplicated (sometimes)

Cisco TACACS+ Config on ISE LTM Pair

Related Content

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

iControl REST Authentication Token Management

Doing mTLS Authentication per URL

Two-Factor Authentication With Google Authenticator And APM

APM Sharepoint authentication

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS