Forum Discussion

LD24_184287
Mar 25, 2015

F5 APM HTTP-Auth

Hello Everyone,

 

I am using SMSGlobal to send the OTP to users. I am facing a strange issue: I can see in the reports for the current session that it's been picking up the right mobile number from AD and assigning a different OTP every time, but when multiple users are trying to access the SSL VPN, randomly one of these users keeps receiving the same OTP repeatedly and the other users don't receive any.

 

For instance, user A tries to log in to the SSL VPN for the first time and receives the OTP. Now when user B tries to log in to the SSL VPN, user A receives the same OTP again, and later when user C tries to access the SSL VPN, user A receives the same OTP again on his mobile, whereas users C and B don't receive any OTP on their mobiles.

 

But if I go and check the sessions under reports on F5 APM, I can see their appropriate phone numbers, and a different new OTP is assigned to all three users.

 

This is the form action: http://www.smsglobal.com/http-api.php

 

Hidden Parameters- action=sendsms&user=xxxxx&password=xxxxx&&api=1&to="%{session.user.otp.mobile}"&text="%{session.user.otp.pwd}"

 

LTM Model- BIG-IP 2000 Version- 11.4.1

 

Any help will be highly appreciated.

 

Thanks, LD

 

  • Hello, I have exactly the same problem in BigIP v12.1.1HF1, using the built-in OTP generate and verify. Different SMS gateway (Telia) in the HTTP Auth. The same old OTP reappears on the first user's phone when the second or third user tries to sign in. When adding logging and looking at the 'session.otp.assigned.val', the OTP Generate is generating a new value and pairing this to the new user session. It looks like the HTTP Auth module is not picking up the new session variable and resends an old cache.

     

    Form Method: GET
    Form Action: http://A.B.C.D/aps/APSmsg
    Hidden Form Parameters/Values: id=XXXXXX&passwd=YYYYYYY&recipients=%{session.ad.last.attr.otherMobile}&flash=yes&msg=%{session.otp.assigned.val}&null

     

    Any idea how to get the HTTP Auth module to update or clear itself and pick up the new session variable?

     

    //Jonas

     

    • Jonas_Karlsson2

      The solution was to type the values in the box "Hidden Form Parameters" of HTTP server on separate lines and with a space instead of the equal sign.

       

      id XXXXXX
      passwd YYYYYYY
      recipients %{session.ad.last.attr.otherMobile}
      flash yes
      msg %{session.otp.assigned.val}

      //Only one Carriage Return above, the forum will not show it correctly//