F5 APM configuration with Local DB and External OTP with SMTP.

IRONMAN
Cirrostratus

Hi All,

 

When I try to configure the flow below in APM, I am unable to pass the OTP Generate and am getting an error.

Please let me know if any option needs to be modified here.

 

Error in access reports:

Rule evaluation failed with error: invalid command name "Successful"

Following rule 'fallback' from item 'OTP Generate' to ending 'Deny'

Access policy result: Logon_Deny

 

Note: The Local DB username and password are correct, but I am still getting the error.

 


1 ACCEPTED SOLUTION

iaine
MVP

Hi

 

I'm guessing that you have a command (or some text) called successful on Branch Rule 1. If you move all of the subsequent config (Email, Logon Page etc) onto the fallback branch and then delete Branch Rule 1 I suspect that the policy will work.

 

Unless you want to have some logic on the OTP Generate action to do something....?

IRONMAN
Cirrostratus

Hi Iaine,

 

Thank you, after I removed Branch Rule 1 it is working now.

I need one more bit of help here: I am unable to configure the To address in the email box. I tried the option below to capture the email ID from the local user database profile, but it is not working. Let me know if the parameter below is correct.

 

 

in Email config

 

SMTP server host name

from: noreply@test.com

To: {session.ad.last.attr.mail}

 

 

 

iaine
MVP

Try %{session.ad.last.attr.mail}

IRONMAN
Cirrostratus

Hi Iaine,

 

I tried the options below but am getting the error below. However, if I type the full mail ID in CC, I am getting the OTP to end users.

For the To users I tried the options below:

%{session.ad.last.attr.mail} - Empty in the To address, but the CC user is getting the mail.

%{session.ad.last.attr.mail}@providerservice.com - Here I am getting mail to the other user who is in CC, but in To there is just @providerservice.com.

Note: In CC I typed the full mail address of the user.

 

 

APM Error logs:

 

14061 1631867923 1632469491 9/24/2021 8:44 21561958 Common ;hostname=Test.local.com;errdefs_msgno=01490266:7:;partition_name=Common;session_id=09efa93a;Access_Profile=/Common/AP_2FA;Partition=Common;Session_Id=09efa93a;File=./AccessPolicyProcessor/Session.h;Function=getSessionVar;Line=610;Message=variable "session.ad.last.attr.mail" was not found in the local cache for session "09efa93a";

 

 

14061 1631867925 1632469491 9/24/2021 8:44 21561958 Common ;hostname=test.local.com;errdefs_msgno=01490266:7:;partition_name=Common;session_id=09efa93a;Access_Profile=/Common/AP_2FA;Partition=Common;Session_Id=09efa93a;File=./AccessPolicyProcessor/Session.h;Function=getSessionVar;Line=625;Message=variable "session.ad.last.attr.mail" for session "09efa93a" was not found in MEMCACHED;
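
To see which session variables a policy references but never finds, log lines like the two above can be summarised per access profile. This is an added example, not part of the thread and not F5 tooling; the function names are hypothetical and the sample input is a shortened copy of the log lines in the post above.

```python
import re
from collections import defaultdict

# Sample input: shortened copies of the two APM log lines in the post above.
SAMPLE_LOG = (
    '14061 1631867923 1632469491 9/24/2021 8:44 21561958 Common ;hostname=Test.local.com;'
    'errdefs_msgno=01490266:7:;session_id=09efa93a;Access_Profile=/Common/AP_2FA;'
    'Function=getSessionVar;Line=610;Message=variable "session.ad.last.attr.mail" '
    'was not found in the local cache for session "09efa93a";\n'
    '14061 1631867925 1632469491 9/24/2021 8:44 21561958 Common ;hostname=test.local.com;'
    'errdefs_msgno=01490266:7:;session_id=09efa93a;Access_Profile=/Common/AP_2FA;'
    'Function=getSessionVar;Line=625;Message=variable "session.ad.last.attr.mail" '
    'for session "09efa93a" was not found in MEMCACHED;\n'
)

# Both wordings of the getSessionVar message seen in the thread.
MISSING_VAR = re.compile(
    r'variable "([^"]+)" (?:for session "[^"]+" )?'
    r'was not found in (the local cache|MEMCACHED)'
)

def parse_fields(line):
    """Split the ';key=value' part of an APM report line into a dict."""
    fields = {}
    for part in line.split(";")[1:]:      # element 0 is the numeric/date prefix
        key, sep, value = part.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def missing_variables(log_text):
    """Map (access profile, variable) -> sessions and stores that lacked it."""
    found = defaultdict(lambda: {"sessions": set(), "stores": set()})
    for line in log_text.splitlines():
        fields = parse_fields(line)
        match = MISSING_VAR.search(fields.get("Message", ""))
        if match:
            key = (fields.get("Access_Profile", "?"), match.group(1))
            found[key]["sessions"].add(fields.get("session_id", "?"))
            found[key]["stores"].add(match.group(2))
    return dict(found)

def absent_everywhere(log_text):
    """Variables reported missing from both the local cache and MEMCACHED."""
    both = {"the local cache", "MEMCACHED"}
    return sorted(var for (_, var), info in missing_variables(log_text).items()
                  if info["stores"] == both)

if __name__ == "__main__":
    for (profile, var), info in missing_variables(SAMPLE_LOG).items():
        print(profile, var, sorted(info["sessions"]), sorted(info["stores"]))
```

A variable returned by `absent_everywhere` was in neither store for that session, which matches the empty To address described in the post.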