F5 APM One time Password as SMS using clickatell
Hi Gents, I am trying to achieve One time Password as SMS using Clickatell. I have followed the article on https://devcentral.f5.com/articles/one-time-passwords-via-an-sms-gateway-with-big-ip-access-policy-manager
But it is still not working and I need assistance. Below is my policy.
From the logs I see HTTP auth is failing and hence I get an SMS gateway error. I am guessing it's the mobile number format which is not working. The mobile number in our LDAP is in the format 0425121212. Now Clickatell expects the format to be 61425121212 (add 61 and remove 0). What changes do I need to make to accommodate it? Pls advise. Thanks, Ram
4 Replies
- Henrik_Gyllkran
Nimbostratus
In the "Variable Assign HTTP(1)" above I assume you do the same thing as described in the article, i.e. assigning the OTP and the "username" i.e. phone number to be used for the HTTP Auth? If so, the username assignment should at the moment look something like this:
session.logon.last.username = expr { [mcget {session.user.otp.mobile}]}
Change it to this:
session.logon.last.username = expr { "61[string range [mcget {session.user.otp.mobile}] 1 end]" }
- Ram_Khakurel_75
Nimbostratus
Thanks, I tried that, but from Clickatell I can see the SMS going to the number as 61 only, and hence HTTP auth fails. In the HTTP server for Clickatell I am using the setting below, as in the pic. Can you correct me, pls? I was hoping this would be simple, but I can't get OTP as SMS working. [IMG]http://i63.tinypic.com/flkec0.png[/IMG] Can you guys help, pls?
- Henrik_Gyllkran
Nimbostratus
The expression should work, provided that session.user.otp.mobile contains the correct string to begin with. Could you verify what session.user.otp.mobile and session.logon.last.username contain after this has been evaluated?
Another thing that I have a question about is that the HTTP Auth configuration that you showed us contains a session variable that begins with session.otp.assigned. I might dare to assume that it is session.otp.assigned.val, which is the variable used by the built-in OTP features that were included in the Visual Policy Editor some versions after Jason Rahm and Per Boe wrote the solution that you linked to in the first post. You should either use only the solution as written by Jason/Per, or use the built-in features. If you mix those two solutions you might have some weird results unless you know what to change.
- Ram_Khakurel_75
Nimbostratus
Hi Henrik, I can confirm through the Clickatell report that BIG-IP is sending the SMS. But it's sending to 61 as the number; also, in the APM report I see HTTP auth fails, hence the fallback to deny. I think the Successful Logon Detection Match Value, which I have as ID:apimsgid, is not right. When I manually do a wget of the API URL I get something like eid:267d1a5382e4b7a0e7f6738aba97db0e as a successful response.
Message Status: An error occurred while attempting to route the message
Message Content: "One Time Passcode: 819182 Expires after use or in 300 seconds"
To: 61
Delivery Receipt: Not Requested
Callback Setting: 0 (No message status returned)
API Message ID: 267d1a5382e4b7a0e7f6738aba97db0e
API ID: 3570481 (HTTP API)
Message Type: SMS_TEXT
Flash: Not Requested
Validity Period (on Clickatell gateway): 1 day
Number Of Message Parts: 1
Required Features: 0 (None set)
Time Received: Mon, Nov 9, 2015 07:30:27
Scheduled Delivery Time: Mon, Nov 9, 2015 07:30:27
Last Status Update: Mon, Nov 9, 2015 07:30:27
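
An added example, not part of any poster's reply and not F5 or Clickatell code: the prefix expression from the thread run over constructed inputs in plain tclsh, next to a stricter variant that returns an empty string instead of a bare 61 when the stored number is missing or malformed. The proc names and the 04xxxxxxxx pattern for Australian mobiles are assumptions; on BIG-IP the input would come from [mcget {session.user.otp.mobile}].

```tcl
# Added example (assumptions: plain tclsh, hypothetical proc names,
# Australian mobiles stored in the directory as 04xxxxxxxx).

# The expression from the reply in the thread, as a proc over a plain string.
# With an empty input, [string range "" 1 end] is "", so the result is "61".
proc prefix_61 {mobile} {
    return "61[string range $mobile 1 end]"
}

# Stricter variant: validate before building the gateway username.
# Returns "" for a missing or malformed value so the access policy can
# branch to an error instead of calling the SMS gateway with "61".
proc normalize_au_mobile {mobile} {
    # Drop spaces, dashes and parentheses that directory entries often carry.
    set digits [string map {" " "" "-" "" "(" "" ")" ""} [string trim $mobile]]
    # National form: leading 0, then 4 and eight more digits.
    if {[regexp {^0(4[0-9]{8})$} $digits -> national]} {
        return "61$national"
    }
    # Already international: 614xxxxxxxx, with or without a leading +.
    if {[regexp {^\+?(614[0-9]{8})$} $digits -> intl]} {
        return $intl
    }
    return ""
}

# Constructed sample values; the empty and blank entries model an
# attribute that was never populated in the session.
foreach sample {0425121212 "" " " "0425 121 212" +61425121212 12345} {
    puts [format "%-16s naive=%-16s strict=%s" \
        "<$sample>" [prefix_61 $sample] [normalize_au_mobile $sample]]
}
```

In a policy, an empty result from the strict variant is the signal to stop before the HTTP Auth step rather than send the passcode to an unusable number.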