Forum Discussion
This is real complex and I may not be able to help but after the first authentication and saving the seesion variable otp_username and after the second authentication has passed did you try to change/rewrite session.logon.last.username with the value of variable otp_username with a variable assign agent? In a way to make session.logon.last.username after the second authentication to be the same like in the first authentication so the UUID to match what you want.
if this breaks something you can also try to use the ACCESS_POLICY_AGENT_EVENT not ACCESS_POLICY_COMPLETED and placing this event right after you saved otp_username. The ACCESS_POLICY_COMPLETED is when the policy is done so it has session.logon.last.username set to the second authentication, so this seem the issue from what you have written.
https://clouddocs.f5.com/api/irules/ACCESS_POLICY_AGENT_EVENT.html
This are my all ideas, if someone knows something else please share it.