Forum Discussion
F5 APM configuration with Local DB and External OTP with SMTP.
Hi All,
When I try to configure the flow below in APM, I am unable to pass the OTP Generate and am getting an error.
Please let me know if any option needs to be modified here.
Error in access reports:
Rule evaluation failed with error: invalid command name "Successful"
Following rule 'fallback' from item 'OTP Generate' to ending 'Deny'
Access policy result: Logon_Deny
Note:
The Local DB username and password are correct, but I am still getting the error.
- iaineNacreous
Hi
I'm guessing that you have a command (or some text) called successful on Branch Rule 1. If you move all of the subsequent config (Email, Logon Page etc) onto the fallback branch and then delete Branch Rule 1 I suspect that the policy will work.
Unless you want to have some logic on the OTP Generate action to do something....?
- IRONMANCirrostratus
Hi Iaine,
Thank you, after I removed Branch Rule 1 it is working now.
I need one more bit of help here. I am unable to configure the To address in the email box. I tried the option below to capture the email ID from the local user database profile, but it is not working. Let me know if the parameter below is correct.
in Email config
SMTP server host name
from: noreply@test.com
To: {session.ad.last.attr.mail}
- iaineNacreous
Try %{session.ad.last.attr.mail}
- IRONMANCirrostratus
Hi Iaine,
I tried the options below, but I am getting the error below. If I type the full mail ID in CC, the OTP does reach end users.
For the To users I tried the option below.
I tried below options:
%{session.ad.last.attr.mail} - Empty in to address, but CC user getting mail id.
%{session.ad.last.attr.mail}@providerservice.com - Here I am getting mail to the other user who is in CC, but in To with just @providerservice.com.
Note: in CC i typed full mail address of user.
APM Error logs:
14061 1631867923 1632469491 9/24/2021 8:44 21561958 Common ;hostname=Test.local.com;errdefs_msgno=01490266:7:;partition_name=Common;session_id=09efa93a;Access_Profile=/Common/AP_2FA;Partition=Common;Session_Id=09efa93a;File=./AccessPolicyProcessor/Session.h;Function=getSessionVar;Line=610;Message=variable "session.ad.last.attr.mail" was not found in the local cache for session "09efa93a";
14061 1631867925 1632469491 9/24/2021 8:44 21561958 Common ;hostname=test.local.com;errdefs_msgno=01490266:7:;partition_name=Common;session_id=09efa93a;Access_Profile=/Common/AP_2FA;Partition=Common;Session_Id=09efa93a;File=./AccessPolicyProcessor/Session.h;Function=getSessionVar;Line=625;Message=variable "session.ad.last.attr.mail" for session "09efa93a" was not found in MEMCACHED;
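Added example, not part of the thread and not F5 code: a small Python parser for the two log lines above that groups `getSessionVar` misses by access profile, session and variable, so it is clear which variable a policy item referenced without it being found in either store. The field layout is assumed from those two lines only, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# The two APM log lines quoted in the post above, embedded so this runs offline.
SAMPLE_LOG = """\
14061 1631867923 1632469491 9/24/2021 8:44 21561958 Common ;hostname=Test.local.com;errdefs_msgno=01490266:7:;partition_name=Common;session_id=09efa93a;Access_Profile=/Common/AP_2FA;Partition=Common;Session_Id=09efa93a;File=./AccessPolicyProcessor/Session.h;Function=getSessionVar;Line=610;Message=variable "session.ad.last.attr.mail" was not found in the local cache for session "09efa93a";
14061 1631867925 1632469491 9/24/2021 8:44 21561958 Common ;hostname=test.local.com;errdefs_msgno=01490266:7:;partition_name=Common;session_id=09efa93a;Access_Profile=/Common/AP_2FA;Partition=Common;Session_Id=09efa93a;File=./AccessPolicyProcessor/Session.h;Function=getSessionVar;Line=625;Message=variable "session.ad.last.attr.mail" for session "09efa93a" was not found in MEMCACHED;
"""

FIELD_RE = re.compile(r";(\w+)=([^;]*)")    # ;key=value pairs after the prefix
VAR_RE = re.compile(r'variable "([^"]+)"')  # variable name inside Message
STORES = ("local cache", "MEMCACHED")       # the two stores named in the messages


def parse_fields(line):
    """Return the ;key=value pairs of one log line as a dict."""
    return dict(FIELD_RE.findall(line))


def missing_variables(log_text):
    """Map (access profile, session id, variable) -> set of stores that missed."""
    misses = defaultdict(set)
    for line in log_text.splitlines():
        fields = parse_fields(line)
        if fields.get("Function") != "getSessionVar":
            continue
        msg = fields.get("Message", "")
        var = VAR_RE.search(msg)
        if not var or "not found" not in msg:
            continue
        store = next((s for s in STORES if s in msg), "unknown")
        key = (fields.get("Access_Profile"), fields.get("Session_Id"), var.group(1))
        misses[key].add(store)
    return dict(misses)


def unresolved(log_text):
    """Keys whose variable was missed in every store listed in STORES."""
    found = missing_variables(log_text)
    return sorted(k for k, stores in found.items() if stores >= set(STORES))


if __name__ == "__main__":
    for profile, session, variable in unresolved(SAMPLE_LOG):
        print(f"{profile} session {session}: {variable} not found in any store")
```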