Forum Discussion

Nic_J's avatar
Nic_J
Icon for Nimbostratus rankNimbostratus
Mar 26, 2018

Is accessing session variables from per-request subroutine possible?

Is there a way to copy session variables (or reference them) into subroutine subsession in per-request APM policy? I'm trying to set up a MFA challenge when users access a certain path. So far I can ...
application delivery
BIG-IP Access Policy Manager (APM)
security
Stanislas_Piro2's avatar
Stanislas_Piro2
Icon for Cumulonimbus rankCumulonimbus
Sep 25, 2018

I hope you don't want to authenticate user in subroutine with password entered in per session policy!

If this is the requirement, authenticate the user in per session policy, but delete successful branch... with this, the variable session.radius.last.result will contain the authentication result.

then in subroutine, check if the authentication succeeded with a empty box and a branch expression :

expr { [mcget {session.radius.last.result}] == 1 }

Imagine if the user entered a one time password and browse the website before match subroutine condition, the password may have been expired when subroutine is evaluated.

Another behavior can be a password changed during this time (AD password, ...)