Forum Discussion

Nimbostratus

Oct 18, 2022

F5 Access Policy Authentication Using Domain Prefix

Greeting, Need a little assistance. Trying to integrate our F5 Access Policy using RADIUS Authentication in support of our PortalGuard 2FA solution. PortalGurad uses LDAP Authentication on it's en...

security

iaine
Oct 20, 2022
Hi

So if I'm reading this right, you want to rewrite the session.logon.last.username variable to include the DOMAIN/ in it prior to AD auth?

If so, then add in a new Variable Assign object into your policy and rewrite the username variable as you have done with your SSO object. Stanislas wrote a great post regarding APM variables which includes such an example. https://community.f5.com/t5/codeshare/apm-variable-assign-examples/ta-p/287962

iaine

Nacreous

Oct 20, 2022

So if I'm reading this right, you want to rewrite the session.logon.last.username variable to include the DOMAIN/ in it prior to AD auth?

If so, then add in a new Variable Assign object into your policy and rewrite the username variable as you have done with your SSO object. Stanislas wrote a great post regarding APM variables which includes such an example. https://community.f5.com/t5/codeshare/apm-variable-assign-examples/ta-p/287962

gam
Nimbostratus
Oct 20, 2022
Yes your undestanding is correct. Thanks for the reference and came across this article a while back and was trying out refrenced variable but I don't think I was using the correct one and\or nor applying it correctly. You have to excuse me, I'm still learning as to Access Policy matter of things.
So I see what looks like 2 possible variable options in the article that looks like applies to Domain and username below. Which of the two is more fitting as to what I'm trying to achieve
expr { "[mcget {session.logon.last.domain}]\\[mcget {session.logon.last.username}]" }
if { [mcget {session.logon.last.username}] contains "\\" } { set username [string tolower [mcget {session.logon.last.logonname}]]; return [string range $username 0 [expr {[string first "\\" $username] -1}] ]; } else { return {} }
So based on my Access Policy example I uploaded, where would I inject the appropriate variable to perform the rewrite? Before Domain select or after Domain Select prior to the RADIUS Server?
Thank you for your time and assitance and much appreciated.
gam
Nimbostratus
Oct 20, 2022
Ok using your guidence with the article with some thought and trial I was able to insert the rewrite viarable and everything is working as it should. Thank you again for your help.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

F5 Access Policy Authentication Using Domain Prefix

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Federated AWS Console Access Made Easy: F5 BIG-IP Access Policy Manager Access Guided Configurations

Reviewing vulnerability scanner results for an Access Policy Manager (APM) protected Virtual Server

Harnessing the power of F5 BIG-IP Access Policy Manager (APM) and Microsoft

ASM Policies role based access

F5 BIG-IP Access Policy Manager (APM) Identity-based steering with SSL Orchestrator (SSLO)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS