Forum Discussion

Nolan_Jensen_23's avatar
Nolan_Jensen_23
Icon for Nimbostratus rankNimbostratus
Sep 26, 2018

Per-Request subroutine loop setup?

Hello All,

 

I am trying to figure out how to configure a RADIUS authentication subroutine in a per request policy so the user can have more then one attempt to enter a one time password. The default gives them just one attempt then they need to close the session and start over.

 

I am running 13.1.0.7 and understand that the setting I need is under the "Subroutine Settings / Rename" button. The issue is when I try to modify this subroutine settings I keep getting this error message. I have attempted selecting a bunch of different things for the Gating Criteria but nothing works it always has same error message.

 

Thanks for your help!

 

I have also tried to use AD Auth as a test and I get a similar error saying that can't be found as well.

 

 

Here is my Per-Request policy in case it might help figure out why I am getting this error.

 

 

  • This Bug is fixed in 13.1.1.2 just tested in my lab and now I can modify subroutine Settings without an error in the gui.

     

    Here is the details from the release notes

     

    726895 : VPE cannot modify subroutine settings

     

    Component: Access Policy Manager

     

    Symptoms: Open per-request policy in Visual Policy Editor (VPE) that has a subroutine. Click 'Subroutine Settings / Rename.

     

    Numeric values like the inactivity timeout are displayed as 'NaN. Attempts to modify the values results in MCP validation errors.

     

    Conditions: -- Per-request policy in the VPE. -- Subroutine in the per-request policy. -- Attempt to change the values.

     

    Impact: All fields say 'NaN', and error when trying to modify properties. Subroutine settings like the Inactivity Timeout and Gating Criteria cannot be modified through the VPE

     

    Workaround: Use tmsh to modify these values, for example:

     

    tmsh modify apm policy access-policy subroutine properties modify { all { inactivity-timeout 301 } }

     

    Fix: The issue has been fixed; it is now possible to view and modify subroutine settings in the VPE.

     

  • I wasn't able to modify via tmsh either. I have a case open with F5 support will let you know what comes of it.

     

  • Hello, you can modify these settings using tmsh:

     

    modify apm policy access-policy subroutine-properties modify { /Common/ { gating-criteria perflow.session.id inactivity-timeout 600 max-subsession-lifetime 800 subroutine-timeout 180 } }

     

  • Thanks for the added information. I will open a case with support and see what they say.

     

  • Hi,

     

    I encountered the same issue after a migration from 13.1.0.2 to 13.1.0.7 in my lab (and also 13.1.0.8). I didn't take time to look for this issue, I just rollbacked to 13.1.0.2.

     

    Insterrested by having the explanation too.