Forum Discussion
NimbostratusCant get apm secure session variable value in Branche Rule
Hi
I'm tringing to compare a OTP-String with the Password Field of my OTP Logon Page, but i can't access the Value of it.
Here is the Compare-Rule: expr { [mcget {session.user.otp.pw}] == [mcget -secure {session.logon.last.otp}] }
As soon as i switch from "password" to "text" in the Logon Form, it works. So it looks as i cannot access the secure variable. The same Rule worked on the 11.3 Release. Sice the Upgrade to BIG-IP 11.4.0 Build 2384.0 Final it doesn't work anymore. Any Ideas?
Best Regards
sbu
4 Replies
- Kevin_Stewart
Employee
I just tested this in 11.4 and I believe it still works. You must assign the custom variable with the secure flag;
[S] session.custom.otp = expr { "foo" }And then evaluate both variables with the -secure option:
expr { [mcget -secure {session.custom.otp}] equals [mcget -secure {session.logon.last.password}] } 
sbu1Hi
Thanks for your answer, unforunately it does not work for me. I'm setting the first variable within an iRule, and the second one trough a Logon Page. I tried different scenarios with the folowing Results:
iRule:
ACCESS::session data set session.user.otp.pw "1234"LogonPage:
Type:"text" Post Variable Name:"otp" Session Variable Name:"otp"Compare:
expr { [mcget {session.user.otp.pw}] equals [mcget {session.logon.last.otp}] }Result: This Scenario does work
iRule:
ACCESS::session data set session.user.otp.pw "1234"LogonPage:
Type:"password" Post Variable Name:"otp" Session Variable Name:"otp"Compare:
expr { [mcget {session.user.otp.pw}] equals [mcget -secure {session.logon.last.otp}] }Result: This Scenario does not work
iRule:
ACCESS::session data set -secure session.user.otp.pw "1234"LogonPage:
Type:"text" Post Variable Name:"otp" Session Variable Name:"otp"Compare:
expr { [mcget -secure {session.user.otp.pw}] equals [mcget {session.logon.last.otp}] }Result: This Scenario does not work
iRule:
ACCESS::session data set -secure session.user.otp.pw "1234"LogonPage:
Type:"password" Post Variable Name:"otp" Session Variable Name:"otp"Compare:
expr { [mcget -secure {session.user.otp.pw}] equals [mcget -secure {session.logon.last.otp}] }Result: This Scenario does not work
So the only Scenario that works is the one without the "-secure" option. Is there a global Setting witch prevents me to access secure Variables even with the "-secure"-Option? I have no idea why it works for you but not for me.
Best Regards
sbu
There is a defect in -secure access to session variables in 11.4.0 release, ID 421259.
This is corrected in 11.4.0 HF3. Please update to that version.
- sbu1Thanks for your Help. Updating to HF3 did the trick! Best Regards sbu
