Forum Discussion
Nimbostratussplitting domain name from UPN session variable
NimbostratusI got the solution from Kevin Stewart.
Thanks kevin for timely help Irule worked perfectly after doing the below changes.
His very good explanation and fix in the irule as mentioned below Two ACCESS::session commands should be: ACCESS::session data set session.logon.last.logonname [lindex [split [ACCESS::session data get session.logon.last.username] "@"] 0] ACCESS::session data set session.logon.last.domain [lindex [split [ACCESS::session data get session.logon.last.username] "@"] 1]
So just to clarify what’s going on in the iRule, let’s look at a simplified version of the original:
set var [lindex [split [findstr $username "@" 0] "@"] 0]
where $username is the user@realam value returned from client side APM Kerberos. The findstr command takes the input string ($username), looks for the matching string (@), and then optionally skips a number of characters from that starting point before it starts collecting. There’s a 4th optional parameter that is a string indicating where to stop collection. This is a blank space if not otherwise specified. So what you’re doing in the above command is looking for the “@” in the $username string, skipping 0 characters, and then collecting all of the characters from that point to the first blank space. If the username is “user@realm”, the above command should return “@realm”.
The fix was to completely remove this section and rely first on the split command to separate the string, delimited by the “@” character, into two list values, and then the lindex command to take the first element of that list, the 0 element.
set var [lindex [split $username "@"] 0]
Regards thasin
