
David_20479
Jan 23, 2012

REGEX syntax for APM NTLM Auth

Looking for REGEX syntax assistance with my APM policy.

 

Need to change user@domain.com to domain\user

 

 

 

something like:

 

session.user = expr { [regsub\(.*\)@\(.*\)/\2\\\1} [mcget {session.logon.last.username}] ""] }

 

  • Hi David,

     

     

    Can you try one of these?

     

     

    Prepend a static domain to the username

     

    [concat "DOMAIN\\[mcget {session.logon.last.username}]" ]

     

     

    Or:

     

     

    Translate from user@domain to domain\user

     

    [regsub -all {(.*)@(.*)} [mcget {session.logon.last.username}] {\2\\\1}]

     

     

    Aaron
  • Thanks for your help Hoolio. This was a success.

     

    However, I did find a bug where it appends '5c' before the username:

     

     

    AD agent: Query: query with '(sAMAccountName=domain\5cuser)' failed

     

     

  • 5c is a hex encoded backslash. That does seem like a bug. Can you open a case with F5 Support on this?

     

     

    You can also check SOL11101 for a possible solution to remove the domain:

     

     

    sol11101: Configuring the SSO credential mapping action to remove the domain name from a username

     

    http://support.f5.com/kb/en-us/solutions/public/11000/100/sol11101.html

     

     

    Aaron
  • Or maybe this to remove the 5c:

     

     

    [string map -nocase {5c ""} [regsub -all {(.*)@(.*)} [mcget {session.logon.last.username}] {\2\\\1}]]

     

     

    Aaron
  • Hi David,

     

     

    Did you find a solution that will work for you?

     

     

    Aaron
  • Hi Hoolio,

     

     

    I had success with the regex, however was still seeing the "5c" injected between domain\ & username (i.e. domain\5cusername)

     

     

    Once I ticked the option of "username conversion" in my SSO configuration, this fixed the 5c issue.

     

     

    I'm still perplexed as to why it would insert a hex representation of "\"? :S

     

     

    Thanks again for sharing all your knowledge and assistance.

     

     

    David
  • I suggest opening a case on the conversion of the backslash to the hex 5c. It would be helpful to document the issue and get it fixed.

     

     

    Aaron
  • I have a very similar situation. I'm running 11.1 HF1 and doing multiple AD domain authentication. With 11.1 APM has no issue identifying the domain if the user types domain\username but if the user types domain/username it sets the username as domain/username and of course user is not going to authenticate. So I'm writing a regular expression to identify if the session.logon.last.username contains / to take the domain value up to the / and set the session.logon.last.domain to that value and set the rest of the string as the session.logon.last.username. I have the expr {[mcget {session.logon.last.username}] contains "/"} and I need to embed the action to set the domain and username values into variables by using ^|\/.+ which just takes the domain info and .+\/|^ which just takes the username. Any ideas how I can embed that into the contains /? Thanks for your help.
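
Added example, not part of any post in this thread and not F5's own code: a plain-Tcl sketch covering both the user@domain to domain\user conversion asked about at the top and the domain/username split asked about in the last post. The proc names `split_logon` and `ldap_filter_escape` are hypothetical, the input names are constructed, and it assumes the "5c" in the logged AD query is standard RFC 4515 search-filter escaping of the backslash.

```tcl
# Runs in tclsh. Inside an APM Variable Assign expression the input would
# come from [mcget {session.logon.last.username}] rather than a proc argument.

# Split a logon name into {domain user}. Accepts user@domain, domain\user
# and domain/user. Anything else is returned as a bare user with an empty
# domain, so malformed input such as a@b@c is never silently rearranged.
proc split_logon {name} {
    set name [string trim $name]
    if {[regexp {^([^@\\/]+)@([^@\\/]+)$} $name -> user domain]} {
        return [list $domain $user]
    }
    if {[regexp {^([^@\\/]+)[\\/]([^@\\/]+)$} $name -> domain user]} {
        return [list $domain $user]
    }
    return [list "" $name]
}

# Escape a value for an LDAP search filter (RFC 4515): \ * ( ) and NUL
# become a backslash followed by two hex digits. string map scans the
# input once, so the backslashes it emits are not escaped again.
proc ldap_filter_escape {value} {
    set map [list "\\" "\\5c" "*" "\\2a" "(" "\\28" ")" "\\29" "\u0000" "\\00"]
    return [string map $map $value]
}

# Constructed sample inputs.
foreach name {user@domain.com {domain\user} domain/user user} {
    foreach {domain user} [split_logon $name] break
    puts [format "%-16s domain=%-11s user=%-5s (sAMAccountName=%s)" \
        $name $domain $user [ldap_filter_escape $user]]
}

# Putting the combined domain\user form into the filter reproduces the
# logged query: the backslash is escaped to \5c, and the lookup fails
# because sAMAccountName holds only the user part.
puts "(sAMAccountName=[ldap_filter_escape {domain\user}])"
```

The last line prints `(sAMAccountName=domain\5cuser)`, matching the AD agent log line quoted earlier in the thread.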