APM variable assign and if statement

Hi,

This is done with an iRule, you must map localdomain as the Agent ID within the VPE. You also must attach the iRule to the virtual in the normal fashion.

when ACCESS_POLICY_AGENT_EVENT {    
switch [ACCESS::policy agent_id] {        
    "localdomain" {            
         do something here                
        if { [ACCESS::session data get session.logon.last.domain] equals "local.domain" } {
            ACCESS::session data set session.logon.last.fqdomain "abc.remote"          
        }                            
    }            
} 
}

Cheers,

Kees

Hi Noam,

the best way to check and selectively transform the requested APM session variable, is to use a Variable Assign action item in VPE containing some custom TCL code.

Variable Assign Action

• Name: Transform_Logon_Domain* Type: Custom Variable
• Mode: Unsecure
• Variable Name: session.logon.last.domain
• Expression :

set current_domain [mcget {session.logon.last.domain}] ;
if { $current_domain equals "local.domain" } then {
    return "abc.remote" ; 
} else { 
    return $current_domain ; 
} ;

Note: You can also check the domain name with an branch rule and trigger the variable assign action only if "local.domain" is currently selected. This will eliminate the else part of the expression, but on the other hand may clutter the policy little more. In the end both methods will work out, so its up to you...

Cheers, Kai

Hi,

the code provided by Kai is good and working fine.

I think you can change the other part of the variable assign with regex

if {[regexp {othername:UPN<[^@]+@([^>]+)>} [mcget {session.ssl.cert.x509extension}] UPNFull current_domain]} {
    if { $current_domain equals "local.domain" } then {
        return "abc.remote" ; 
    } else { 
        return $current_domain ; 
    } ;
} else {return ""}

regex is almost every time worse than string compare like equals, but with split, foreach, string first commands, but regex is better than this code.