Forum Discussion
Roberto_GB_2613
Oct 26, 2016
Altostratus
Hi,
Thanks for the responses! I chopped the iRule down to what I thought was relevant... and I missed the important line. I was using "[$username]" instead of "$username" while logging. Now it's working.
Here is the final code:
when ACCESS_POLICY_AGENT_EVENT {
    if { [ACCESS::policy agent_id] eq "ga_user_verify" } {
        log local0. "CUSTOM - iRule_ga_user_verify"

        # Get user data
        set username [ACCESS::session data get session.logon.last.username]
        set static::ga_key_dg "google_auth_keys"
        set ga_key ""
        set ga_key [class lookup $username $static::ga_key_dg]

        # Check retrieved token
        if { [string length $ga_key] == 16 } {
            set ga_user_result 1
        } else {
            set ga_user_result 0
        }
        # user is in database: ga_user_result = 1
        # user is not in database: ga_user_result = 0

        # Log result and save data
        ACCESS::session data set session.custom.ga_user_result $ga_user_result
        log local0. "CUSTOM - user $username has token: $ga_user_result"
    }
}
It's going to complement the Google Authenticator as a second factor. Some users have not yet been given the token generator and, for the moment, they should not be asked for it while authenticating. I'm following George Watkins' guide, "Two-Factor Authentication With Google Authenticator And APM".
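
Added example, not part of the original post or of the guide it follows: a Python audit of the key list that reports which accounts the iRule's 16-character length test would send down the "no second factor" branch, and which would pass it with a key that is not uppercase base32. The input format (`"username" := "key",` records), the function names and the sample records are assumptions made for this illustration.

```python
import re

# Assumption: keys are exported one record per line as `"username" := "key",`.
RECORD = re.compile(r'^\s*"([^"]+)"\s*(?::=\s*"([^"]*)")?\s*,?\s*$')
BASE32_16 = re.compile(r"[A-Z2-7]{16}")


def parse_records(text):
    """Return {username: key}; a record without a value gets an empty key."""
    records = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = RECORD.match(line)
        if m is None:
            raise ValueError(f"unparseable record: {line!r}")
        records[m.group(1)] = m.group(2) or ""
    return records


def classify(key):
    """Mirror the iRule's length test, then add a charset check it lacks."""
    if len(key) != 16:
        return "no_token"   # iRule sets ga_user_result 0: second factor not asked
    if BASE32_16.fullmatch(key) is None:
        return "malformed"  # iRule sets 1, but key is not 16 chars of A-Z / 2-7
    return "enrolled"       # iRule sets 1


def audit(text):
    """Group the listed usernames by how the iRule would treat them."""
    report = {"enrolled": [], "malformed": [], "no_token": []}
    for user, key in sorted(parse_records(text).items()):
        report[classify(key)].append(user)
    return report


# Constructed sample records, not real secrets.
SAMPLE = '''
"alice" := "JBSWY3DPEHPK3PXP",
"bob" := "",
"carol" := "JBSWY3DPEHPK3PX",
"dave" := "jbswy3dpehpk3pxp",
"erin" := "JBSWY3DPEHPK3PX1",
'''

if __name__ == "__main__":
    for status, users in audit(SAMPLE).items():
        print(f"{status}: {', '.join(users) or '-'}")
```

Usernames that do not appear in the list at all also end up with ga_user_result = 0 in the iRule, so the "no_token" group here covers only the listed records.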