Forum Discussion
Trim Mobile Number
Hi
The SMS Company does not accept more than 10 characters in the HTTP request for MobileNumber. They also don't accept the "+" sign or "+90". So it should look like "5431231020". This is the only valid pattern.
On the other hand, in the Active Directory server, users' mobile numbers are stored with a "+" sign like this "+905431231020" and they are more than 10 characters.
When I try to use an iRule to achieve this pattern I have used below rule.
when ACCESS_POLICY_AGENT_EVENT {
    log local0. "Start"
    set mobile [ACCESS::session data get "session.ad.last.attr.mobile"]
    log local0. "Mobile is $mobile"
    regexp {(5[0-9]*)} [string map -nocase {" " ""} $mobile] mobile
    log local0. "New Number is $mobile"
    ACCESS::session data set "session.logon.last.username" $mobile
}
But after inserting the iRule, it was never executed. I haven't seen the logging parts in those log files /var/log/{ltm,apm}
I just change the way and put below assignment in a "Variable Assign" object and it works.
session.logon.last.username = expr { [string map -nocase {"+90" ""} [mcget {session.ad.last.attr.mobile} ]] }
But now I cannot check the OTP because it is always true! It doesn't matter what I type. After deleting the above Variable Assignment from the Policy Path, it comes back again.
Why can I not use my iRules (yes, there are many of them and all work well)? Why can I not use my Variable Assignment?
29 Replies
- MichaelJordan_1
Nimbostratus
These are the other iRules I have implemented.
when ACCESS_POLICY_AGENT_EVENT {
    set mobile [ACCESS::session data get "session.ad.last.attr.mobile"]
    log local0. "$mobile"
    set mobile [string map {" " ""} $mobile]
    set mobile [substr $mobile [expr [string length $mobile] -10 ] ]
    ACCESS::session data set "session.logon.last.username" $mobile
    unset mobile
}
Even this one below doesn't work!
when ACCESS_POLICY_AGENT_EVENT { log local0. "Start" }
- Faruk_AYDIN
Altostratus
Could you send the Access Policy screenshot?
- THi
Nimbostratus
Yes, VPE would help to understand where the problem lies.
Seems to be that the iRule is not fired at all. If not already, turn on debug level on apm access policy logging (System ›› Logs : Configuration : Options), and check how the session flow goes from the apm log or session report. Do you see the flow going to the iRule event?
Do you have multiple iRule events in the VPE flowchart? Normally I add an if-clause to check the event ID, to make sure that the iRule is run only in the intended iRule event in the VPE flow. Something like below. Otherwise the iRule may be triggered in the first (possibly wrong one) encountered iRule event in the flow with some unexpected results. Also make sure the iRule is attached to the apm virtual server itself.
when ACCESS_POLICY_AGENT_EVENT {
    if {[ACCESS::policy agent_id] eq "logging"} {
        log local0.info "Username: [ACCESS::session data get session.logon.last.username]"
    }
}
for the ACCESS_POLICY_AGENT_EVENT to work you do have to trigger it with an iRule VPE element.
but you should also be able to handle it with an assignment element, they can do pretty much what you want, including assigning variables, not just 0 or 1.
- MichaelJordan_1
Nimbostratus
Hi, thanks for all the answers. I just found the way to achieve the right pattern via "Variable Assignment". However, I was wondering about the iRule part: why is it not working?
- Stanislas_Piro2
Cumulonimbus
Can you share the working variable assign expression?
For the iRule part, was the event ACCESS_POLICY_AGENT_EVENT?
- MichaelJordan_1
Nimbostratus
Here is the Policy Map
- THi
Nimbostratus
Does this VPE have an iRule event at all? If not then that explains why the iRule does not fire.
- MichaelJordan_1
Nimbostratus
It does not have an iRule now because I gave up trying it. But there was an iRule.
- THi
Nimbostratus
ok, if you use iRules in the VPE, good practice is to add an if-clause to check that it is fired in the right place.
- MichaelJordan_1
Nimbostratus
Here is the working "Variable Assignment". Rule order is important!
- [S] session.logon.last.password = expr {[mcget {session.otp.assigned.val}]}
- session.logon.last.username = return [expr [string map {" " ""} [mcget {session.ad.last.attr.mobile}] ] ]
- session.logon.last.username = return [string range [mcget {session.logon.last.username}] end-9 end]
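
The normalization done by the Variable Assign rules above, as an added example that is not part of the original post: plain Tcl that runs under tclsh outside BIG-IP. The proc name normalize_mobile and the sample numbers are constructed for illustration; the leading-5 check is an assumption taken from the regexp in the first post, and the example goes beyond the posted rules by returning an empty string when the attribute does not fit the 10-digit pattern.

```tcl
# Added example: plain Tcl (tclsh), no BIG-IP commands such as mcget.
# normalize_mobile is a hypothetical helper name, not an F5 API.
proc normalize_mobile {raw} {
    # Drop everything except digits: "+", spaces, dashes, parentheses.
    regsub -all {[^0-9]} $raw "" digits

    # Fewer than 10 digits cannot hold the subscriber number:
    # reject instead of sending a partial value to the SMS gateway.
    if {[string length $digits] < 10} {
        return ""
    }

    # Keep the last 10 digits, same idea as "string range ... end-9 end".
    set number [string range $digits end-9 end]

    # Assumption from the thread: the valid pattern is 10 digits starting with 5.
    if {![regexp {^5[0-9]{9}$} $number]} {
        return ""
    }
    return $number
}

# Constructed sample inputs, not real subscriber data.
foreach {input expected} {
    "+905431231020"      "5431231020"
    "+90 543 123 10 20"  "5431231020"
    "05431231020"        "5431231020"
    "5431231020"         "5431231020"
    "+90543123"          ""
    "+902121231020"      ""
    ""                   ""
} {
    set got [normalize_mobile $input]
    if {$got ne $expected} {
        error "normalize_mobile {$input} returned {$got}, expected {$expected}"
    }
    if {$got eq ""} {
        set got "(rejected)"
    }
    puts [format "%-22s -> %s" "\"$input\"" $got]
}
```

An empty result is the case to branch on in the policy, so that a malformed AD attribute ends the flow before the HTTP request to the SMS gateway is made.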
- THi
Nimbostratus
Think you don't want to assign the OTP value to session.logon.last.password before sending it out? The OTP value will be entered by the user at the logon page box, right after the http auth box where it is sent to SMS gateway, and it will be stored to session.logon.last.password variable and verified against the session.otp.assigned.val in the OTP Verify box.
- MichaelJordan_1
Nimbostratus
Yes, I have to do that before sending it out and it is. I just assign the OTP value before the HTTP-Auth object. Then I am asking for the passcode after HTTP-Auth (if it is successful) via "Logon Page".
- THi
Nimbostratus
Now you are prepopulating the session.logon.last.password with the generated and correct OTP value (from session.otp.assigned.val). The user should enter it at the logon page and the entered value should be compared with the session.otp.assigned.val for a match to allow proceeding in the flow. How have you defined the SMS gateway AAA server? Which session variable is sent to the mobile?
- MichaelJordan_1
Nimbostratus
I have added iRule
- MichaelJordan_1
Nimbostratus
This is more useful
- MichaelJordan_1
Nimbostratus
when ACCESS_POLICY_AGENT_EVENT {
    log local0.info " This is the point where iRule get involve "
    log local0.info "Username: [ACCESS::session data get session.logon.last.username]"
}
- MichaelJordan_1
Nimbostratus
Look at the 7th line. It is just saying "I am done with the variable assignment and now I am going to execute the iRule Event".
- THi
Nimbostratus
And you have the iRule bound as a resource to the virtual server?