Forum Discussion
Per-Request subroutine loop setup?
Hello All,
I am trying to figure out how to configure a RADIUS authentication subroutine in a per request policy so the user can have more then one attempt to enter a one time password. The default gives them just one attempt then they need to close the session and start over.
I am running 13.1.0.7 and understand that the setting I need is under the "Subroutine Settings / Rename" button. The issue is when I try to modify this subroutine settings I keep getting this error message. I have attempted selecting a bunch of different things for the Gating Criteria but nothing works it always has same error message.
Thanks for your help!
I have also tried to use AD Auth as a test and I get a similar error saying that can't be found as well.
Here is my Per-Request policy in case it might help figure out why I am getting this error.
- Nolan_JensenCirrostratus
This Bug is fixed in 13.1.1.2 just tested in my lab and now I can modify subroutine Settings without an error in the gui.
Here is the details from the release notes
726895 : VPE cannot modify subroutine settings
Component: Access Policy Manager
Symptoms: Open per-request policy in Visual Policy Editor (VPE) that has a subroutine. Click 'Subroutine Settings / Rename.
Numeric values like the inactivity timeout are displayed as 'NaN. Attempts to modify the values results in MCP validation errors.
Conditions: -- Per-request policy in the VPE. -- Subroutine in the per-request policy. -- Attempt to change the values.
Impact: All fields say 'NaN', and error when trying to modify properties. Subroutine settings like the Inactivity Timeout and Gating Criteria cannot be modified through the VPE
Workaround: Use tmsh to modify these values, for example:
tmsh modify apm policy access-policy subroutine properties modify { all { inactivity-timeout 301 } }
Fix: The issue has been fixed; it is now possible to view and modify subroutine settings in the VPE.
- Nolan_JensenCirrostratus
I wasn't able to modify via tmsh either. I have a case open with F5 support will let you know what comes of it.
- Nicolas_DestorCirrostratus
I tried already. Using tmsh as workaround didn't work for me.
- Leonardo_Accor1Nimbostratus
Hello, you can modify these settings using tmsh:
modify apm policy access-policy subroutine-properties modify { /Common/ { gating-criteria perflow.session.id inactivity-timeout 600 max-subsession-lifetime 800 subroutine-timeout 180 } }
- Nolan_JensenCirrostratus
Thanks for the added information. I will open a case with support and see what they say.
- Nicolas_DestorCirrostratus
Hi,
I encountered the same issue after a migration from 13.1.0.2 to 13.1.0.7 in my lab (and also 13.1.0.8). I didn't take time to look for this issue, I just rollbacked to 13.1.0.2.
Insterrested by having the explanation too.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com