Forum Discussion

LD24_184287's avatar
Icon for Nimbostratus rankNimbostratus
Mar 25, 2015


Hello Everyone,


I am using SMSGlobal to send the OTP to users. I am facing a strange issue I can see in the reports in current session that its been picking up the right mobile number from AD and assigning different OTP every time but the issue is when multiple user are trying to access the SSL VPN then randomly one out of these multiple users keep receiving the same OTP repeatedly and other users doesn't receive any.


For instance user A for the first time tries to login to ssl vpn, he receives the OTP. Now when user B tries to login to ssl vpn, user A receives the same OTP again and later when user C tries to access ssl VPN, user A receives the same OTP again on his mobile. where as user C and B doesn't receive any OTP on there mobiles.


But if I go and check the sessions under reports on F5 APM I can see there appropriate phones numbers and different new OTP is assigned to all three users.


This the form action


Hidden Parameters- action=sendsms&user=xxxxx&password=xxxxx&&api=1&to="%{}"&text="%{session.user.otp.pwd}"


LTM Model- BIG-IP 2000 Version- 11.4.1


Any help will be highly appreciated.


Thanks, LD


2 Replies

  • Hello, I have exactly the same problem in BigIP v12.1.1HF1. Using the built in OTP generate and verify. Different SMS gateway (Telia) in the HTTP Auth. The same old OTP reappears on the first users phone when the second or third user tries to sign in. When adding logging and looking at the ´session.otp.assigned.val´ the OTP Generate is generating a new value and pairing this to the new user session. It looks like the HTTP Auth module is not picking up the new session variable and resends an old cache..


    Form Method GET Form Action http://A.B.C.D/aps/APSmsg Hidden Form Parameters/Valuesid=XXXXXX&passwd=YYYYYYY&recipients=%{}&flash=yes&msg=%{session.otp.assigned.val}&null


    Any Idea how to get the HTTP Auth module to update or clear itself and pick the new session variable?




    • Jonas_Karlsson2's avatar
      Icon for Nimbostratus rankNimbostratus

      The solution was to type the values in the box "Hidden Form Parameters" of HTTP server on separate lines and with a space instead of the equal sign.


      id XXXXXX


      passwd YYYYYYY


      recipients %{}


      flash yes


      msg %{session.otp.assigned.val}


      //Only one Carrige Retur above, the forum will not show it correctly//