Forum Discussion

david78
Oct 03, 2018

error 'invalid ciphertext' in APM with ACCESS::policy evaluate

Hi,

I have this iRule:

set flow_sid [ACCESS::session create -timeout 600 -lifetime 3600]
ACCESS::policy evaluate -sid $flow_sid -profile /Common/access_aa \
    session.logon.last.username [HTTP::username] \
    session.logon.last.password [HTTP::password] \
    session.server.landinguri [string tolower [HTTP::uri]]


but it does not work.


I have this error in /var/log/apm:


Oct 3 13:48:33 pyxb596 err apmd[14633]: 01490000:3: modules/Authentication/Ldap/LdapAgent.cpp func: "getLdapUserInput()" line: 780 Msg: 8c0d9b6d794d371f1a5142d945e3b92d: LDAP Agent: getLdapUserInput(): unable to decrypt user password due to invalid ciphertext


TMOS Version : 12.1.3.6


Can someone help me? Thank you in advance.


4 Replies

  • There is some trouble with ACCESS::session create if "Accept-Language" is not set in the HTTP_REQUEST event... try this:

    if { [HTTP::header value "Accept-Language"] eq "" } then {
        # An "Accept-Language" header is not present. Injecting language code = none
        HTTP::header insert "Accept-Language" "none"
    }
    set flow_sid [ACCESS::session create -timeout 600 -lifetime 3600]
    ACCESS::policy evaluate -sid $flow_sid -profile /Common/access_aa \
        session.logon.last.username [HTTP::username] \
        session.logon.last.password [HTTP::password] \
        session.server.landinguri [string tolower [HTTP::uri]]

    Why do you set a lifetime of 3660 and a timeout of 600? Try changing these values to something lower:

    set flow_sid [ACCESS::session create -timeout 60 -lifetime 120]

    Look at this code as an example of a working command.


  • Thank you for your answer. I just did the test with this code, and it's still the same.

    The 'Accept-Language' header is sent by Chrome, as well as 'Authorization':

    • Accept-Language: en-US,en;q=0.9,en-US;q=0.8,en;q=0.7
    • Authorization: Basic MzI6MzI=

    Concerning the timers, I took those from the example in the wiki ;)

    https://devcentral.f5.com/wiki/iRules.ACCESS__policy.ashx


  • I do not think so. The same policy (and therefore the AAA LDAP Server) works when applied to the VS.

  • I guess you want to authenticate without redirecting to /my.policy.

    Instead of $1, try the code provided here to enable clientless-mode.
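As an added example (not code from the thread or from F5), the header workaround from the first reply placed in a complete HTTP_REQUEST handler that also checks the policy outcome and discards the session on failure. It assumes the profile /Common/access_aa from the thread and that ACCESS::policy result and ACCESS::session remove behave as documented in the DevCentral iRules wiki; both are assumptions, as this page does not show them.

```tcl
# Added example, not from the original thread. Assumed: profile /Common/access_aa,
# and the ACCESS::policy result / ACCESS::session remove commands from the wiki.
when HTTP_REQUEST {
    # Only attempt clientless evaluation when Basic credentials were supplied;
    # otherwise ask for them and stop here.
    if { ![HTTP::header exists "Authorization"] } {
        HTTP::respond 401 WWW-Authenticate "Basic realm=\"APM\"" Connection "close"
        return
    }

    # Workaround from the first reply: ACCESS::session create misbehaves when
    # the request carries no Accept-Language header, so inject a neutral value.
    if { [HTTP::header value "Accept-Language"] eq "" } {
        HTTP::header insert "Accept-Language" "none"
    }

    # Short timers (seconds): the session only needs to outlive the policy run;
    # lower values limit how long the cached password stays in session storage.
    set flow_sid [ACCESS::session create -timeout 60 -lifetime 120]

    ACCESS::policy evaluate -sid $flow_sid -profile /Common/access_aa \
        session.logon.last.username [HTTP::username] \
        session.logon.last.password [HTTP::password] \
        session.server.landinguri [string tolower [HTTP::uri]]

    # Assumed API: ACCESS::policy result returns "allow" when the policy passed.
    if { [ACCESS::policy result -sid $flow_sid] ne "allow" } {
        # Deny and drop the session so the supplied password is not retained.
        ACCESS::session remove -sid $flow_sid
        HTTP::respond 401 WWW-Authenticate "Basic realm=\"APM\"" Connection "close"
        return
    }

    # Success: log the user name (never the password) and let the request through.
    log local0. "APM clientless auth succeeded for [HTTP::username] sid=$flow_sid"
}
```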