Forum Discussion
CirrostratusPull Username from session A into Session B
Suppose there are two VIP's and each has been assigned it's own access policy. VIP1 is the primary page where the user logs on and is SSO'ed into the primary portal. VIP2 is the secure VIP and links behind the secure VIP are accessed via the primary portal. The access policy applied to VIP2 checks the source IP and if the IP is internet based, then the user is presented with a external logon page which collects the username/password and token and posts the credentials to the backend server and if successful, user is presented with the content.
We have a new requirement whereby if the user belongs to a specific AD group, then they are allowed to access the secure content (VIP2) without being asked for the 2nd factor. I thought i could do this with a AD query for group membership, however i later realized that the policy applied to VIP does not have the username before making the AD query because the username is collected by the policy applied to VIP1 and is not passed along to VIP 2 (SSO) as once the user logs in the SSO within the application is managed by the application itself.
So long story short is it possible for me to pull the username from the session associated with VIP 1 and somehow use it in the VPE for VIP 2 to perform an AD query ?
thanks,
karthik
1 Reply
Yann_DesmarestCirrus
Hello,
There is no easy way to achieve that. You can get the username of a session by using the following command :
set username [ACCESS::session data get -sid [HTTP::cookie MRH_Session] session.logon.last.username]The hard thing is that the session cookie of VIP1 is not in requests that goes through VIP2. I think you will have to inject a new cookie from the VIP1 to the end user as the following :
HTTP::cookie insert name MRH_Session1 value $MRHSession path / domain vip2.hostname.comThe important thing is that the domain of the cookie contains the hostname of VIP2 so that you can then trap the session value of VIP1 to use it within an irule on VIP2.
