Forum Discussion
SSO credential mapping with Symantec
We are trying to build an APM policy that uses Symantec push authentication. I still need to be able to do SSO credential mapping to the backend application. However, Symantec appending a set of characters to the end of the user's password before it is set as the session.logon.last.password variable is breaking any SSO credential mapping we can do without having two separate login pages. Is there an iRule that I can write that would take the user's password, remove the added characters, and make a new variable that I call in the mappings?
- Chris_Wentland
Nimbostratus
The String Range can help you accomplish what you're looking for. Sample below!
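when RULE_INIT {
    # Sample input: the password followed by a 6-character appended code
    set user_password "password123456"
    log local0. "User Input Password: $user_password"
    # Keep everything except the last 6 characters
    set clean_password [string range $user_password 0 end-6]
    log local0. "Cleaned Password: $clean_password"
}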
Dec 7 08:30:04 bigip info tmm5[31075]: Rule /Common/password_length_rule <RULE_INIT>: User Input Password: password123456
Dec 7 08:30:04 bigip info tmm5[31075]: Rule /Common/password_length_rule <RULE_INIT>: Cleaned Password: password
- jtlampe
Cirrus
We found the solution. We had to work inside the policy to assign session variables and remove the additional code that Symantec was adding to the password. This allowed us to take the full password (with the Symantec code) and send it to RADIUS as a named variable, and have the last.password be the actual user's password to check it against AD, since you cannot name the variable to be used for AD auth.
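The approach described in this thread, as an added example that is not code from either poster: an iRule called from an APM "iRule Event" agent that keeps the full password in a separate secure variable for RADIUS and trims session.logon.last.password for AD auth and SSO credential mapping. The agent ID `strip_push_code`, the variable name `session.custom.radius_password`, and the 6-character suffix length (taken from the sample above) are assumptions; the password is never written to the log.

```tcl
# Added example. Hypothetical names: agent ID "strip_push_code",
# variable session.custom.radius_password. Suffix length 6 is assumed
# from the sample in this thread; adjust to what your deployment appends.
when ACCESS_POLICY_AGENT_EVENT {
    # Only act when the policy reaches the matching iRule Event agent
    if { [ACCESS::policy agent_id] ne "strip_push_code" } {
        return
    }

    set suffix_len 6

    # -secure is required to read the password session variable
    set full_pw [ACCESS::session data get -secure session.logon.last.password]

    # Input too short to hold a password plus the appended code:
    # leave it untouched so the later auth agents fail normally.
    if { [string length $full_pw] <= $suffix_len } {
        log local0.warning "strip_push_code: logon password shorter than expected, not modified"
        unset full_pw
        return
    }

    # Full value (password + appended code) for the RADIUS agent
    ACCESS::session data set -secure session.custom.radius_password $full_pw

    # Trimmed value for AD auth and SSO credential mapping
    ACCESS::session data set -secure session.logon.last.password \
        [string range $full_pw 0 end-$suffix_len]

    # Do not keep the cleartext value in a connection-scoped variable
    unset full_pw
}
```

The iRule Event agent has to sit after the logon page and before the RADIUS and AD auth agents in the policy so that both variables are set before they are read.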