
SSO credential mapping with Symantec

jtlampe
MVP

We are trying to build an APM policy that uses Symantec push authentication. I still need to be able to do SSO credential mapping to the backend application. However, Symantec appending a set of characters to the end of the user's password before it is set as the session.logon.last.password variable is breaking any SSO credential mapping we can do without having two separate login pages. Is there an iRule that I can write that would take the user's password, remove the added characters, and make a new variable that I call in the mappings?

2 REPLIES

Chris_Wentland
Nimbostratus

The String Range can help you accomplish what you're looking for. Sample below!

 

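when RULE_INIT {
    # Hard-coded sample value standing in for the password plus appended characters
    set user_password "password123456"
    log local0. "User Input Password: $user_password"
    # Keep everything except the last 6 characters
    set clean_password [string range $user_password 0 end-6]
    log local0. "Cleaned Password: $clean_password"
}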

Dec 7 08:30:04 bigip info tmm5[31075]: Rule /Common/password_length_rule <RULE_INIT>: User Input Password: password123456

Dec 7 08:30:04 bigip info tmm5[31075]: Rule /Common/password_length_rule <RULE_INIT>: Cleaned Password: password

jtlampe
MVP

We found the solution. We had to work inside the policy to assign session variables and remove the additional code that Symantec was adding to the password. This allowed us to take the full password (with Symantec code) and send it to RADIUS as a named variable, and have the last.password be the actual user's password to check it against AD since you cannot name the variable to be used for AD auth.
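The split described in this thread, as an added example that is not code from either poster: a plain Tcl proc that separates the directory password from the appended characters and refuses input too short to contain both. The 6-character suffix length (taken from the sample reply), the proc name, and the `session.custom.full_password` variable name are assumptions; the commented Variable Assign lines are a sketch of the policy-side equivalent under the same assumptions.

```tcl
# Added example. SUFFIX_LEN, the proc name and session.custom.full_password
# are assumptions, not values confirmed anywhere in the thread.
set SUFFIX_LEN 6   ;# assumed length of the appended characters

# Split "<directory password><appended characters>" into its two parts.
# Returns the list {password suffix}. Raises an error when the input cannot
# contain both parts, so an empty password is never handed to AD auth or SSO.
proc split_appended_code {combined suffix_len} {
    if {[string length $combined] <= $suffix_len} {
        error "input is not longer than the expected suffix"
    }
    set password [string range $combined 0 end-$suffix_len]
    set suffix   [string range $combined end-[expr {$suffix_len - 1}] end]
    return [list $password $suffix]
}

# Constructed sample input (same shape as the sample in the reply above).
lassign [split_appended_code "password123456" $SUFFIX_LEN] pw suffix
# Report lengths only; the values themselves stay out of the output.
puts "password length: [string length $pw], suffix length: [string length $suffix]"

# Too-short input is rejected instead of yielding an empty password.
if {[catch {split_appended_code "12345" $SUFFIX_LEN} msg]} {
    puts "rejected: $msg"
}

# Sketch of the same split as two APM Variable Assign entries, evaluated in
# this order and both marked Secure. Order matters: the full value must be
# copied before session.logon.last.password is overwritten.
#
#   session.custom.full_password =
#       return [mcget -secure {session.logon.last.password}]
#   session.logon.last.password =
#       return [string range [mcget -secure {session.logon.last.password}] 0 end-6]
```

Unlike the RULE_INIT sample, this version never writes either value to the log, which matters once the input is a real credential rather than a hard-coded string.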