Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

add attribute query f5 apm

herdi
Nimbostratus
Nimbostratus

‎17-Apr-2023 23:02

hi expert

i want to send otp to another domain for example on irule lx

to : a@abc.com send email and we want to add atribute ad : noname and send to : a@cde.com

the goal email otp code should a@cde.com 

the logic is if nomber phone doesnt ekist send to email user 

thanks

Labels:
0 Kudos
6 REPLIES 6

lnxgeek
MVP
MVP

‎19-Apr-2023 05:00

You can achive this by using an iRule event in the VPE.

You insert an iRule Event agent at the right place in your logic in VPE and then in the iRule attached to the VS you have access to the different session variables where you can measure and rewrite.

 

0 Kudos

herdi
Nimbostratus
Nimbostratus
In response to lnxgeek

‎19-Apr-2023 05:26

We already configured session on irule event on vs and we set attribute on pve but when access vpn we did not get  OTP notification, we already check attribute name and match on active directory, on report log is able to see the session attribute succes send otp or not?

if we running debug on f5, the event procces can see to make sure the step on it

Thanks

0 Kudos

lnxgeek
MVP
MVP

‎19-Apr-2023 06:13 - edited ‎19-Apr-2023 06:14

I would start to log the relevant variables in the iRule when logging on to get there content.

Then I would run a tcpdump on the unit to see if it tries to send anything out and to where, with what.

Also, have you configured a SMTP relay (System ›› Configuration : Device : SMTP) and do you know if it works ?

0 Kudos

herdi
Nimbostratus
Nimbostratus
In response to lnxgeek

‎26-Apr-2023 00:16

i have check access report but didnt find the variable,  how to check log for relevant variable ?

if i used tcp dump should we decrypt client ssl side only or server to ? because we have client and servire ssl certificate

we didnt configure smtp rely, this active directory on existing we just add new attribut contain email address and when otp will send to new email not existing email  

 

0 Kudos

lnxgeek
MVP
MVP

‎27-Apr-2023 22:13

Turn up logging to debug for all features, that should give you more information of what is going on in general. I would expect the variables to be logged without it though.

You must configure a smtp relay, otherwise it doesn't know how to send the otp:

Screenshot from 2023-04-28 07-00-43.png

Regarding decrypting ssl I would go for both sides. Have a look at Mr. Rahm's solution:

https://community.f5.com/t5/technical-articles/decrypting-big-ip-packet-captures-without-irules/ta-p...

 

0 Kudos

herdi
Nimbostratus
Nimbostratus
In response to lnxgeek

‎27-Apr-2023 23:53

function send_email (req, res) {
var transporter = nodemailer.createTransport ({
host: 'xx.xx.xx.xx',
port: 25,
secure: false,
tls: {
rejectUnauthorized: false
}
});
var mailOptions = {
from: '@example.com',
to: req.params()[2],
subject: 'User VPN '+ req.params()[0],
html: "Kode OTP : "+ req.params()[1] + "<br />dont share.<br /><br />Email user: "+ req.params()[2]+"<br />Phone: "+req.params()[3]+"<br/>Department: "+req.params()[4]
};

 

here is irule access policy agent event (on vpe attribute name is mail)

ACCESS::session data get session.ad.last.attr.mail

 

0 Kudos
Copyright © 2023 Khoros, LLC