Can the access policy variable session.logon.last.password be passed to a per-request policy subroutine?
Can the access policy variable session.logon.last.password be passed to a per-request policy subroutine?
Version 13.1.0
I am attempting to pass the username and password from the Access Policy to the Per-Request-Policy subroutine for use after URL branching, without adding another logon prompt.
Similar to this thread but without the OTP logon prompt. https://devcentral.f5.com/questions/is-accessing-session-variables-from-per-request-subroutine-possible-58789 The mentioned thread solution works. It creates a logon prompt for the OTP as the password. This is still a prompt for a user to enter a "password" although it is an OTP. I can successfully pass the user name but not the originating session.logon.last.password from the access-policy.
After the user logs on the site, I want to enable Radius MFA Push for specific URL paths. The user is already logged on the access policy. I don't feel they need another logon prompt during the per-request policy.
I have tried many methods without success (per-request policy; subroutine, subroutine macro, access policy; decrypt password). Either I haven't found the right combination or it doesn't work this way. Am I missing something?
mcget -secure {session.logon.last.password} https://devcentral.f5.com/questions/how-can-i-see-a-password-session-variable-47462
mcget {session.logon.last.password}
subsession.logon.last.password
I am also trying other avenues such as using iRule LX to submit the request to the MFA API. I was just hoping radius would be an easier route.