Hi Takahiro,
I haven't looked much at the default auth rules in 10.2, but I think the issue might be that tmm_auth_subscription is being set in RULE_INIT. All variables declared in RULE_INIT will be global in scope. Can you change the iRule event from RULE_INIT to CLIENT_ACCEPTED:
when CLIENT_ACCEPTED {
set tmm_auth_subscription "*"
}
From the /config/bigip_base.conf:
These auth profile default rules can be optionally configured to subscribe
to out-of-band auth response data (obtained via AUTH::response_data).
Subscriptions are enabled by setting the variable tmm_auth_subscription
prior to system auth rule invoking AUTH::start call, e.g.,
when CLIENT_ACCEPTED {
set tmm_auth_subscription "*"
}
It is recommended to set this variable to "*". Although the value of
tmm_auth_subscription is not used at this time, it is anticipated that
it will eventually be passed as a parameter to AUTH::subscribe once
that function supports subscription-matching based on regular expressions.
Aaron