Forum Discussion

Nimbostratus

Oct 18, 2022

F5 Access Policy Authentication Using Domain Prefix

Greeting, Need a little assistance. Trying to integrate our F5 Access Policy using RADIUS Authentication in support of our PortalGuard 2FA solution. PortalGurad uses LDAP Authentication on it's en...

security

iaine
Oct 20, 2022
Hi

So if I'm reading this right, you want to rewrite the session.logon.last.username variable to include the DOMAIN/ in it prior to AD auth?

If so, then add in a new Variable Assign object into your policy and rewrite the username variable as you have done with your SSO object. Stanislas wrote a great post regarding APM variables which includes such an example. https://community.f5.com/t5/codeshare/apm-variable-assign-examples/ta-p/287962

iaine

Nacreous

Oct 20, 2022

So if I'm reading this right, you want to rewrite the session.logon.last.username variable to include the DOMAIN/ in it prior to AD auth?

If so, then add in a new Variable Assign object into your policy and rewrite the username variable as you have done with your SSO object. Stanislas wrote a great post regarding APM variables which includes such an example. https://community.f5.com/t5/codeshare/apm-variable-assign-examples/ta-p/287962

gam
Nimbostratus
Oct 20, 2022
Yes your undestanding is correct. Thanks for the reference and came across this article a while back and was trying out refrenced variable but I don't think I was using the correct one and\or nor applying it correctly. You have to excuse me, I'm still learning as to Access Policy matter of things.
So I see what looks like 2 possible variable options in the article that looks like applies to Domain and username below. Which of the two is more fitting as to what I'm trying to achieve
expr { "[mcget {session.logon.last.domain}]\\[mcget {session.logon.last.username}]" }
if { [mcget {session.logon.last.username}] contains "\\" } { set username [string tolower [mcget {session.logon.last.logonname}]]; return [string range $username 0 [expr {[string first "\\" $username] -1}] ]; } else { return {} }
So based on my Access Policy example I uploaded, where would I inject the appropriate variable to perform the rewrite? Before Domain select or after Domain Select prior to the RADIUS Server?
Thank you for your time and assitance and much appreciated.
gam
Nimbostratus
Oct 20, 2022
Ok using your guidence with the article with some thought and trial I was able to insert the rewrite viarable and everything is working as it should. Thank you again for your help.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

F5 Access Policy Authentication Using Domain Prefix

Recent Discussions

F5 DDOS Solution

iRule for public IP access to specific section of my URL

APM RDP custom parameters

Reporting Help Needed

Switch ssl profile based on weak cipher detection via IRULE

Related Content

F5's Access Policy Manager the Access Proxy for Zero Trust Architectures

Harnessing the power of F5 BIG-IP Access Policy Manager (APM) and Microsoft

ASM Policies role based access

Zero Trust building blocks - F5 BIG-IP Access Policy Manager (APM) and PingIdentity

Minimizing Security Complexity: Managing Distributed WAF Policies

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS