Forum Discussion

sbu1's avatar
sbu1
Icon for Nimbostratus rankNimbostratus
Sep 15, 2013

Cant get apm secure session variable value in Branche Rule

Hi   I'm tringing to compare a OTP-String with the Password Field of my OTP Logon Page, but i can't access the Value of it.   Here is the Compare-Rule: expr { [mcget {session.user.otp.pw}] == ...
BIG-IP Access Policy Manager (APM)
security
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Sep 16, 2013

I just tested this in 11.4 and I believe it still works. You must assign the custom variable with the secure flag;

[S] session.custom.otp = expr { "foo" }

And then evaluate both variables with the -secure option:

expr { [mcget -secure {session.custom.otp}] equals [mcget -secure {session.logon.last.password}] }