IRONMAN
Sep 14, 2021
Solved

F5 APM configuration with Local DB and External OTP with SMTP.

Hi All,

When I try to configure the below flow in APM, I am unable to pass the OTP Generate and am getting an error.

Please let me know if any option needs to be modified here.

Error in access reports:

Rule evaluation failed with error: invalid command name "Successful"

Following rule 'fallback' from item 'OTP Generate' to ending 'Deny'

Access policy result: Logon_Deny

 

Note:

Local DB username and password are correct, but I am still getting the error.


4 Replies

  • Hi

    I'm guessing that you have a command (or some text) called successful on Branch Rule 1. If you move all of the subsequent config (Email, Logon Page etc) onto the fallback branch and then delete Branch Rule 1 I suspect that the policy will work.

    Unless you want to have some logic on the OTP Generate action to do something....?

  • Hi Iaine,

    Thank you, after I removed Branch Rule 1 it is working now.

    I need one more help here: I am unable to configure the To address in the email box. I tried the below option to capture the email ID from the local user database profile, but it is not working. Let me know if the below parameter is correct.

    In Email config:

    SMTP server host name

    from: noreply@test.com

    To: {session.ad.last.attr.mail}

  • Hi Iaine,

    I tried the below options but am getting the below error; however, if I type the full mail ID in CC, I am getting the OTP to end users.

    For To users I tried the below option.

    I tried the below options:

    %{session.ad.last.attr.mail} - Empty in To address, but CC user getting mail id.

    %{session.ad.last.attr.mail}@providerservice.com - Here I am getting mail to the other user who is in CC, but in To with just @providerservice.com.

    Note: in CC I typed the full mail address of the user.

    APM Error logs:

     

    14061 1631867923 1632469491 9/24/2021 8:44 21561958 Common ;hostname=Test.local.com;errdefs_msgno=01490266:7:;partition_name=Common;session_id=09efa93a;Access_Profile=/Common/AP_2FA;Partition=Common;Session_Id=09efa93a;File=./AccessPolicyProcessor/Session.h;Function=getSessionVar;Line=610;Message=variable "session.ad.last.attr.mail" was not found in the local cache for session "09efa93a";

     

     

    14061 1631867925 1632469491 9/24/2021 8:44 21561958 Common ;hostname=test.local.com;errdefs_msgno=01490266:7:;partition_name=Common;session_id=09efa93a;Access_Profile=/Common/AP_2FA;Partition=Common;Session_Id=09efa93a;File=./AccessPolicyProcessor/Session.h;Function=getSessionVar;Line=625;Message=variable "session.ad.last.attr.mail" for session "09efa93a" was not found in MEMCACHED;
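
Added example, not part of the original thread and not F5 code: a small parser for the `;key=value;` log format quoted above that lists which session variables a policy referenced but could not resolve, per access profile and session. The sample lines are constructed in the same format, and treating a miss in both the local cache and MEMCACHED as "unresolved" is an assumption based on the two messages in the excerpt.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format of the log excerpt above (prefix columns shortened).
_TAIL = (";Access_Profile=/Common/AP_2FA;Partition=Common;Session_Id={sid};"
         "Function=getSessionVar;Message={msg};")
SAMPLE_LOG = "\n".join([
    "14061 1631867923 Common ;hostname=test.local.com" + _TAIL.format(
        sid="09efa93a",
        msg='variable "session.ad.last.attr.mail" was not found in the local cache for session "09efa93a"'),
    "14061 1631867925 Common ;hostname=test.local.com" + _TAIL.format(
        sid="09efa93a",
        msg='variable "session.ad.last.attr.mail" for session "09efa93a" was not found in MEMCACHED'),
    "14061 1631867930 Common ;hostname=test.local.com" + _TAIL.format(
        sid="1a2b3c4d",
        msg='variable "session.logon.last.username" was not found in the local cache for session "1a2b3c4d"'),
])

# Matches both message shapes seen in the excerpt (local cache miss, MEMCACHED miss).
MISSING_RE = re.compile(
    r'variable "(?P<var>[^"]+)"(?: for session "[^"]+")? was not found in '
    r'(?P<store>the local cache|MEMCACHED)')
BOTH_STORES = {"the local cache", "MEMCACHED"}

def parse_fields(line):
    """Split the ';key=value' tail of a log line into a dict (free-text prefix is skipped)."""
    fields = {}
    for part in line.split(";"):
        key, sep, value = part.partition("=")
        if sep and key.strip():
            fields[key.strip()] = value.strip()
    return fields

def missing_variables(log_text):
    """Return {(access_profile, session_id): {variable: {stores that missed}}}."""
    result = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        fields = parse_fields(line)
        match = MISSING_RE.search(fields.get("Message", ""))
        if match:
            key = (fields.get("Access_Profile", "?"), fields.get("Session_Id", "?"))
            result[key][match.group("var")].add(match.group("store"))
    return result

def unresolved(log_text):
    """Variables that missed in both stores, i.e. nothing in the session supplied them."""
    return sorted((profile, sid, var)
                  for (profile, sid), found in missing_variables(log_text).items()
                  for var, stores in found.items() if stores == BOTH_STORES)

if __name__ == "__main__":
    for profile, sid, var in unresolved(SAMPLE_LOG):
        print(f"{profile} session {sid}: {var} is referenced but was never populated")
```

A variable reported here is one the policy reads (for example in the Email To field) without any earlier policy item having written it into the session.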