Forum Discussion
CirrusChanging/Manipulate the value of an access policy session variable
Hi,
my question is, I want to do a access policy in APM first ist the Logon Page -> RSA SecureID Server Auth -> (iRule Event) -> variable assignment -> Active Directory Auth -> SSO credential mapping -> to a Webtop with OWA
a perfekt example is on this page https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-on-11-6-0/6.html (in the middel of the page) soooo but in my case is the main reason the username. The username at the RSA SecureID Server is rsa_testuser and the name of the user in Active Directory is just testuser, is it possible to change the username who is inside the variable to cut the "rsa_" ?
here is a good idea to do that https://support.f5.com/kb/en-us/solutions/public/13000/200/sol13296.html but in this example change the complete username to always the same username ! At the Logon Page I want to set just the RSA_Username + Passcode (PIN+RSAToken) and the AD password not more ! Maybe someone has a idea/solution for that.
thanks, best regards Manuel
4 Replies
- Walter_Kacynski
Cirrostratus
This can easily be done with TCL (string trimleft): http://wiki.tcl.tk/10177
eLeCtRoNHi,
thanks for your answer, is it possible to get an example iRule which show me how do use the "string trimleft" for my case ?
when ACCESS_POLICY_AGENT_EVENT {
if { [ACCESS::policy agent_id] eq "change_username" } {
Cut/Change session variable to correct value
ACCESS::
}
}
it would be pretty cool could someone correct or extend the iRule for my case !?
thx, best regards Manuel
- Walter_Kacynski
Try this:
when ACCESS_POLICY_AGENT_EVENT { if { [ACCESS::policy agent_id] eq "change_username" } { Cut/Change session variable to correct value set new_username [string trimleft [ACCESS::session data get "session.logon.last.username"] "ras_"] ACCESS::session data set "session.logon.custom.username"] new_username } } - eLeCtRoN
THX Walter, I will test it ;)
best regards
Manuel
