30-Jul-2021 04:18
I am quite new to setting APM branch rules. Please kindly help me with how to write the rules.
In our APM, the domain check is already done and AD auth is separated for each domain. It is used for VMware View VDI connections, for later resource assign.
I need to direct some users to a new environment for testing. Only select users should go to a different AD auth and resource assign.
For example, filter 5 users to go to the new AD auth and resource assign.
user1, user2, user3, user4, user5
In this case, I can write branch rules like the following.
Name user1 Expression: expr { [mcget {session.logon.last.username}] equals "user1" }
Name user2 Expression: expr { [mcget {session.logon.last.username}] equals "user2" }
Name user3 Expression: expr { [mcget {session.logon.last.username}] equals "user3" }
Name user4 Expression: expr { [mcget {session.logon.last.username}] equals "user4" }
Name user5 Expression: expr { [mcget {session.logon.last.username}] equals "user5" }
However, we actually have more users. Is there any way to combine the above into 1 branch by combining OR conditions?
Also, if possible, I want to check the domain of the user after the user name is matched. How can I write an Expression to filter with matching for both conditions? For example,
user1 and domain must be domain1
In the case of separate expressions, expr { [mcget {session.logon.last.username}] equals "user1" } expr { [mcget {session.logon.last.domain}] equals "domain1" }
How can I combine the above 2 expressions in one branch?
Best Regards
Sakiy
30-Jul-2021 09:08
Hi Sakiy,
You could use a TCL expression like OR to chain the usernames. See this manual: https://techdocs.f5.com/en-us/bigip-14-1-0/big-ip-access-policy-manager-visual-policy-editor-14-1-0/tcl-usage.html
Also take a look here:
https://devcentral.f5.com/s/articles/apm-variable-assign-examples-1107
So you might end up with something looking like this:
expr { [mcget {session.logon.last.username}] == "user1" || [mcget {session.logon.last.username}] == "user2" }
If possible, I would recommend joining those users in an LDAP or AD group.
KR
Daniel
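
Added example (not part of either post, and not F5's own code): the OR chain from the answer combined with the domain check from the question, evaluated against constructed sessions. The mcget proc, the session array and the sample logons are stand-ins so it runs in plain tclsh; the list form assumes the standard Tcl commands lsearch and string tolower are available in the APM expression.

```tcl
# Stand-in for APM's mcget so the expressions can be tried in plain tclsh.
# On BIG-IP, APM provides mcget and the session variables itself.
array set session {}
proc mcget {name} { global session; return $session($name) }

# Pitfall: && binds tighter than ||, so only user2 is tied to the domain
# check here and user1 matches from any domain.
set rule_unparenthesized {
    [mcget {session.logon.last.username}] == "user1" ||
    [mcget {session.logon.last.username}] == "user2" &&
    [mcget {session.logon.last.domain}] == "domain1"
}

# Intended rule: (user1 OR user2) AND domain1.
set rule_or {
    ( [mcget {session.logon.last.username}] == "user1" ||
      [mcget {session.logon.last.username}] == "user2" ) &&
    [mcget {session.logon.last.domain}] == "domain1"
}

# Same decision for a longer list. Both values are lowercased first because
# AD logon names are case-insensitive, so "USER2" and "user2" are one account.
set rule_list {
    [lsearch -exact {user1 user2 user3 user4 user5} [string tolower [mcget {session.logon.last.username}]]] >= 0 &&
    [string tolower [mcget {session.logon.last.domain}]] == "domain1"
}

# Constructed sample logons: username, domain.
set samples {
    user1 domain1
    user1 domain2
    USER2 domain1
    user9 domain1
}

puts [format "%-6s %-8s %-15s %-3s %s" user domain unparenthesized or list]
foreach {user domain} $samples {
    set session(session.logon.last.username) $user
    set session(session.logon.last.domain)   $domain
    # expr receives the rule text and evaluates the mcget calls inside it.
    puts [format "%-6s %-8s %-15d %-3d %d" $user $domain \
        [expr $rule_unparenthesized] [expr $rule_or] [expr $rule_list]]
}
```

In the VPE, the body of rule_or or rule_list goes inside expr { ... } as the branch rule expression, and every logon that does not match should land on the fallback branch with the existing AD auth.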