For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

raZorTT's avatar
raZorTT
Icon for Cirrostratus rankCirrostratus
Mar 13, 2019

tmsh: making a variable-assign item secure

Hi,

Just wondering if it's possible on 12.1.3 to set a variable assign to secure via tmsh? I can't see any reference to it in the tmsh reference guide. Below is what i'm trying to achieve, which was set through the VPE

apm policy agent variable-assign /Common/ap_mypolicy_act_variable_assign_ag {
    variables {
        {
            expression "return [mcget -secure {session.logon.last.token}]"
            secure true
            varname session.logon.last.password
        }
    }
}

Cheers

Simon

application delivery
BIG-IP Access Policy Manager (APM)

1 Reply

  • Kai_Wilke's avatar
    Kai_Wilke
    Icon for MVP rankMVP
    Mar 15, 2019

    Hi Simon,

    you can change the variable assign action via the TMSH 

    load sys config merge from-terminal
    command. See below for a complete conversation how to add and to remove the secure flag...

    root@(f501)(cfg-sync Standalone)(Active)(/Common)(tmos) list apm policy agent variable-assign test
apm policy agent variable-assign test {
    variables {
        {
            expression "return {MalformedCredentials}"
            varname session.logon.last.error
        }
    }
}
root@(f501)(cfg-sync Standalone)(Active)(/Common)(tmos) load sys config merge from-terminal
Enter configuration. Press CTRL-D to submit or CTRL-C to cancel.
apm policy agent variable-assign test {
    variables {
        {
            expression "return {MalformedCredentials}"
            varname session.logon.last.error
            secure true
        }
    }
}
Loading configuration...
root@(f501)(cfg-sync Standalone)(Active)(/Common)(tmos) list apm policy agent variable-assign test
apm policy agent variable-assign test {
    variables {
        {
            expression "return {MalformedCredentials}"
            secure true
            varname session.logon.last.error
        }
    }
}
root@(f501)(cfg-sync Standalone)(Active)(/Common)(tmos) load sys config merge from-terminal
Enter configuration. Press CTRL-D to submit or CTRL-C to cancel.
apm policy agent variable-assign test {
    variables {
        {
            expression "return {MalformedCredentials}"
            varname session.logon.last.error
        }
    }
}
Loading configuration...
root@(f501)(cfg-sync Standalone)(Active)(/Common)(tmos) list apm policy agent variable-assign test
apm policy agent variable-assign test {
    variables {
        {
            expression "return {MalformedCredentials}"
            varname session.logon.last.error
        }
    }
}
root@(f501)(cfg-sync Standalone)(Active)(/Common)(tmos)

    Cheers, Kai