For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

APM AD authentication case-sensitivity workaround

Problem this snippet solves:

In our recent implementation of APM, we discovered that if a user starts their username with a capital letter, it will fail AD authentication. This was typically happening with phones, as those keyboards have a tendency to auto capitalize the first letter of a line. Here is the session variable macro I used to transparently solve this problem.

How to use this snippet:

Create a 'variable assignment' macro before your AD authentication step in the policy editor for APM, with the corresponding 'Custom Variables' and 'Custom Expressions'.

Code :

Assignment #1
Variable: session.logon.last.logonname
Expression: expr { "[string trim [mcget {session.logon.last.logonname}]]" }

Assignment #2
Variable: session.logon.last.logonname
Expression: expr { "[string tolower [mcget {session.logon.last.logonname}]]" }

Assignment #3
Variable: session.logon.last.username
Expression: expr { "[string trim [mcget {session.logon.last.username}]]" }

Assignment #4
Variable: session.logon.last.username
Expression: expr { "[string tolower [mcget {session.logon.last.username}]]" }

Tested this on version:

13.0
Published Jan 18, 2019
Version 1.0
active directory
BIG-IP Access Policy Manager (APM)
security
No CommentsBe the first to comment