
APM branch rule for multiple user name matching

Sakiy
Altostratus

I am quite new to setting APM branch rules. Please kindly help me with how to write the rules.

In our APM, the domain check is already done and AD auth is separated for each domain. It is used for VMware View VDI connections, for later resource assign.

I need to direct some users to a new environment for testing. Only selected users should go to a different AD auth and resource assign.

For example, filter 5 users to go to the new AD auth and resource assign.

user1, user2, user3, user4, user5

In this case, I can write branch rules like the following.

Name user1 Expression: expr { [mcget {session.logon.last.username}] equals "user1" }

Name user2 Expression: expr { [mcget {session.logon.last.username}] equals "user2" }

Name user3 Expression: expr { [mcget {session.logon.last.username}] equals "user3" }

Name user4 Expression: expr { [mcget {session.logon.last.username}] equals "user4" }

Name user5 Expression: expr { [mcget {session.logon.last.username}] equals "user5" }

However, we actually have more users. Is there any way to combine the above into 1 branch by combining OR conditions?

Also, if possible, I want to check the domain of the user after the user name is matched. How can I write an expression that matches both conditions? For example,

user1 and domain must be domain1

As separate expressions: expr { [mcget {session.logon.last.username}] equals "user1" } expr { [mcget {session.logon.last.domain}] equals "domain1" }

How can I combine the above 2 expressions in one branch?

Best Regards

Sakiy

2 REPLIES

Hi Sakiy,

you could use a TCL expression like OR to chain the usernames. See this manual: https://techdocs.f5.com/en-us/bigip-14-1-0/big-ip-access-policy-manager-visual-policy-editor-14-1-0/tcl-usage.html

Also take a look here:

https://devcentral.f5.com/s/articles/apm-variable-assign-examples-1107

So you might end up with something looking like this:

expr { [mcget {session.logon.last.username}] == "user1" || [mcget {session.logon.last.username}] == "user2" }

If possible, I would recommend joining those users in an LDAP or AD group.

KR

Daniel
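
Added example (not from the thread or from F5's documentation): one way to put the whole user list and the domain check into a single branch expression, using Tcl's lsearch -exact for the OR over usernames and && for the domain condition. The mcget stub, the pilot_branch helper and the sample sessions are constructed so the logic can be checked in plain tclsh; that the APM branch rule accepts lsearch is an assumption.

```tcl
# Stand-in for APM's mcget so this runs in plain tclsh. On the BIG-IP the
# real mcget reads the session variable; nothing here talks to APM.
array set session {}
proc mcget {name} {
    global session
    if {[info exists session($name)]} { return $session($name) }
    return ""
}

# Hypothetical helper. Its expr body is what would go into ONE branch rule:
#   expr { [lsearch -exact {user1 user2 user3 user4 user5}
#           [mcget {session.logon.last.username}]] >= 0
#          && [mcget {session.logon.last.domain}] eq "domain1" }
proc pilot_branch {} {
    # Users to send to the new AD auth (names taken from the question).
    set pilots {user1 user2 user3 user4 user5}
    # lsearch -exact compares whole list elements, not substrings, so the
    # OR chain over usernames collapses into one list lookup. The && then
    # requires the domain to match as well.
    return [expr {
        [lsearch -exact $pilots [mcget {session.logon.last.username}]] >= 0
        && [mcget {session.logon.last.domain}] eq "domain1"
    }]
}

# Constructed sample sessions (username, domain). user10 probes substring
# confusion, User1 probes case handling, user3/domain2 probes the AND.
foreach {user domain} {
    user1  domain1
    user3  domain2
    user10 domain1
    User1  domain1
} {
    set session(session.logon.last.username) $user
    set session(session.logon.last.domain)   $domain
    puts [format "%-7s %-8s -> %d" $user $domain [pilot_branch]]
}
```

The match is exact and case-sensitive, so only logins that appear in the list exactly as typed, with the expected domain, take the pilot branch; everything else falls through to the existing AD auth.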

 

 

Sakiy
Altostratus

Hi Daniel

Thank you very much for your answer.

I am not familiar with TCL expressions.

I will try this!

Sakiy