APM VPN policy with a hiddent domain addition

Question

Hello
Users normally login with username@domain, which matches their UPN and also matches RSA username.
Now that Office365 federation requires a UPN change, their UPN will be changed to a much longer domain name that they have to type every time they login.
Is it possible to modify RSA logon page step in the policy so that they just type their username and F5 will add a domain name when it is passed to RSA for authentication?
Like this:
1. User just types "username" and their PIN+Tokencode
2. F5 APM policy transforms the "username" to "username@somelongdomainname" and passes the new username and pin+tokencode to RSA&nbsp;
What is the best way to do it? Environment is complex and we cannot just change RSA usernames to a short name (we tried)&nbsp;

stanislas_piro2 · Answer

you can use following variable assign
session.logon.last.username = 
expr { [set username [string tolower [mcget {session.logon.last.logonname}]]] contains "@" ? $username : "$username@domain.local" }

youssef1 · Answer

Hello,
Add a "Variable assign" and set it like that:
Custom Variable:
    session.logon.last.username
Custom expression:
    expr { "[mcget {session.logon.last.username}]@mydomain.com" }

Regards,

Forum Discussion

APM VPN policy with a hiddent domain addition

Recent Discussions

How do I create a traffic log for two different route domains?

Http / https health monitor issue

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Need Urgent BIGIP Trial License and VM Image

APM for banner and cert

Related Content

Minimizing Security Complexity: Managing Distributed WAF Policies

Auditing Security Policy Updates

Manage F5 BIG-IP Advanced WAF Policies with Terraform (Part 2 - Policy Import)

ASM custom response page add additional information

Manage F5 BIG-IP Advanced WAF Policies with Terraform (Part 1 - Policy Creation)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS