Forum Discussion

Nic_J's avatar
Nic_J
Icon for Nimbostratus rankNimbostratus
Mar 26, 2018

Is accessing session variables from per-request subroutine possible?

Is there a way to copy session variables (or reference them) into subroutine subsession in per-request APM policy? I'm trying to set up a MFA challenge when users access a certain path. So far I can ...
application delivery
BIG-IP Access Policy Manager (APM)
security
Cory_14089's avatar
Cory_14089
Icon for Nimbostratus rankNimbostratus

Thank you Nolan.

 

I will open a new thread. I have been unable to use the password from an access policy in a per-request policy subroutine.

 

Your solution works. It creates a logon prompt for the OTP as the password. This is still a prompt for a user to enter a "password" although it is an OTP. I can successfully pass the user name but not the originating session.logon.last.password from the access-policy.

 

I have tried many methods without success (per-request policy; subroutine, subroutine macro, access policy). Either I haven't found the right combination or it doesn't work this way by design.

 

mcget -secure {session.logon.last.password}

 

mcget {session.logon.last.password}

 

subsession.logon.last.password

 

I am also trying other avenues such as using iRule LX to submit the request to the MFA API. I was just hoping radius would be an easier route.