Forum Discussion
F5 Access Policy Authentication Using Domain Prefix
- Oct 20, 2022
Hi
So if I'm reading this right, you want to rewrite the session.logon.last.username variable to include the DOMAIN/ in it prior to AD auth?
If so, then add in a new Variable Assign object into your policy and rewrite the username variable as you have done with your SSO object. Stanislas wrote a great post regarding APM variables which includes such an example. https://community.f5.com/t5/codeshare/apm-variable-assign-examples/ta-p/287962
Hi
So if I'm reading this right, you want to rewrite the session.logon.last.username variable to include the DOMAIN/ in it prior to AD auth?
If so, then add in a new Variable Assign object into your policy and rewrite the username variable as you have done with your SSO object. Stanislas wrote a great post regarding APM variables which includes such an example. https://community.f5.com/t5/codeshare/apm-variable-assign-examples/ta-p/287962
Yes your undestanding is correct. Thanks for the reference and came across this article a while back and was trying out refrenced variable but I don't think I was using the correct one and\or nor applying it correctly. You have to excuse me, I'm still learning as to Access Policy matter of things.
So I see what looks like 2 possible variable options in the article that looks like applies to Domain and username below. Which of the two is more fitting as to what I'm trying to achieve
expr { "[mcget {session.logon.last.domain}]\\[mcget {session.logon.last.username}]" }
if { [mcget {session.logon.last.username}] contains "\\" } { set username [string tolower [mcget {session.logon.last.logonname}]]; return [string range $username 0 [expr {[string first "\\" $username] -1}] ]; } else { return {} }
So based on my Access Policy example I uploaded, where would I inject the appropriate variable to perform the rewrite? Before Domain select or after Domain Select prior to the RADIUS Server?
Thank you for your time and assitance and much appreciated.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com