For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

JoeTheFifth's avatar
JoeTheFifth
Icon for Altostratus rankAltostratus
Jan 29, 2018

BigIP APM 12.1.3: username variable session.logon.last.username empty

variable was working in 11.5.   variable is working in chrome and firefox.   variable is not working in IE 11.   Any clues?   variable is used in an AD Query:   (sAMAccountName=%{sessi...
application delivery
BIG-IP
BIG-IP Access Policy Manager (APM)
JoeTheFifth's avatar
JoeTheFifth
Icon for Altostratus rankAltostratus
Jan 30, 2018

I have an irule which triggers an access policy based on a condition => $EnableAPMPolicy equals 1

 when HTTP_REQUEST {
ACCESS::disable     
if { $EnableAPMPolicy equals 1 } {       
    ACCESS::enable
}

}

So by default I set ACCESS::disable in the HTTP_REQUEST. This was preventing IE from getting the username variable somehow. I added a condition which only calls ACCESS:disable if $PolicyEnabled = 0 Now IE is happy and variable is passed along.

     when HTTP_REQUEST {

if { $EnableAPMPolicy equals 0 } {       
    ACCESS::disable
}

if { $EnableAPMPolicy equals 1 } {       
    ACCESS::enable
}

}

Stanislas_Piro2's avatar
Stanislas_Piro2
Icon for Cumulonimbus rankCumulonimbus
Jan 31, 2018

Is this configuration enabled on the same VS you applied APM Sharepoint Authentication code?

 

If Yes, I recommend to use version 2 of the code which allow you to manage APM disable in the first HTTP_REQUEST event (lines 50-97).

 

don't create another irule but edit this one to manage Authentication.

 

I guess you can manage office web apps by Host header to disable APM.