Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

F5 APM configuration with Local DB and External OTP with SMTP.

Go to solution
IRONMAN
Cirrostratus
Cirrostratus

‎14-Sep-2021 04:27

Hi All,

 

When i try to configure below flow in APM , I am unable to pass the OTP Generate and getting error.

please let me know if any option need to modify here.

 

Error in access reports:

Rule evaluation failed with error: invalid command name "Successful"

Following rule 'fallback' from item 'OTP Generate' to ending 'Deny'

Access policy result: Logon_Deny

 

Note:

Local DB username and password is correct, but still i am getting error,

 

0691T00000Dzm0rQAB.png

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
iaine
MVP
MVP

‎14-Sep-2021 05:40

Hi

 

I'm guessing that you have a command (or some text) called successful on Branch Rule 1. If you move all of the subsequent config (Email, Logon Page etc) onto the fallback branch and then delete Branch Rule 1 I suspect that the policy will work.

 

Unless you want to have some logic on the OTP Generate action to do something....?

View solution in original post

0 Kudos
4 REPLIES 4

Go to solution
iaine
MVP
MVP

‎14-Sep-2021 05:40

Hi

 

I'm guessing that you have a command (or some text) called successful on Branch Rule 1. If you move all of the subsequent config (Email, Logon Page etc) onto the fallback branch and then delete Branch Rule 1 I suspect that the policy will work.

 

Unless you want to have some logic on the OTP Generate action to do something....?

0 Kudos

Go to solution
IRONMAN
Cirrostratus
Cirrostratus

‎16-Sep-2021 02:45

Hi Iaine,

 

Thank you, after i removed the Branch Rule 1 and it is working now.

I need one more help here, i unable to configure To address in email box, i tried with below option to capture the email id from local user data base profile, but not working, let me know if below parameter is correct.

 

 

in Email config

 

SMTP server host name

from: noreply@test.com

To: {session.ad.last.attr.mail}

 

 

 

0 Kudos

Go to solution
iaine
MVP
MVP

‎16-Sep-2021 02:58

Try %{session.ad.last.attr.mail}

0 Kudos

Go to solution
IRONMAN
Cirrostratus
Cirrostratus

‎24-Sep-2021 01:09

Hi Iaine,

 

I tried the below options, but getting below error, but if i type the full mail id in CC, i am getting OTP to end users.

To users i tried below option.

 

I tried below options:

 

%{session.ad.last.attr.mail} - Empty in to address, but CC user getting mail id.

%{session.ad.last.attr.mail}@providerservice.com - Here i am getting mail to other user who is CC, but in too with just @providerservice.com.

 

Note: in CC i typed full mail address of user.

 

 

APM Error logs:

 

14061 1631867923 1632469491 9/24/2021 8:44 21561958 Common ;hostname=Test.local.com;errdefs_msgno=01490266:7:;partition_name=Common;session_id=09efa93a;Access_Profile=/Common/AP_2FA;Partition=Common;Session_Id=09efa93a;File=./AccessPolicyProcessor/Session.h;Function=getSessionVar;Line=610;Message=variable "session.ad.last.attr.mail" was not found in the local cache for session "09efa93a";

 

 

14061 1631867925 1632469491 9/24/2021 8:44 21561958 Common ;hostname=test.local.com;errdefs_msgno=01490266:7:;partition_name=Common;session_id=09efa93a;Access_Profile=/Common/AP_2FA;Partition=Common;Session_Id=09efa93a;File=./AccessPolicyProcessor/Session.h;Function=getSessionVar;Line=625;Message=variable "session.ad.last.attr.mail" for session "09efa93a" was not found in MEMCACHED;

0 Kudos
Copyright © 2023 Khoros, LLC