Forum Discussion
AltostratusBigIP APM 12.1.3: username variable session.logon.last.username empty
AltostratusI have an irule which triggers an access policy based on a condition => $EnableAPMPolicy equals 1
when HTTP_REQUEST {
ACCESS::disable
if { $EnableAPMPolicy equals 1 } {
ACCESS::enable
}
}
So by default I set ACCESS::disable in the HTTP_REQUEST. This was preventing IE from getting the username variable somehow. I added a condition which only calls ACCESS:disable if $PolicyEnabled = 0 Now IE is happy and variable is passed along.
when HTTP_REQUEST {
if { $EnableAPMPolicy equals 0 } {
ACCESS::disable
}
if { $EnableAPMPolicy equals 1 } {
ACCESS::enable
}
}
AltostratusThis issue is becoming very serious now. I have confirmed two configurations where IE11 does not work:
Config A: 1. You have a VS with an APM Policy starting with a logon page, a message box to show the username entered in the logon page and an ldap or ad auth.
- You add an irule on this VS with an Access::disable in the beginning of the http_request and an Access:Enable only if some condition is met.
In this case apm shows an empty value in the user name and of course password is empty too. If you remove the access:disable IE does capture and transfer the username/password.
Config B:
- You create 2 VSs
- On first VS add an irule with a redirect to the second VS if some condition is met.
- You add an APM policy to the second VS, same VPE => logon page, messagebox, auth.
In this case IE does not work.
In both configs Chrome and Firefox work fine.
I have found some info here and there about APM/IE blank values: https://support.f5.com/csp/article/K04732437 https://support.f5.com/csp/article/K16109
Anyone to test/confirm or offer a solution/bypass? Thanks.
