APM Variable assign to change email attribute?
Hello, Does any one know the best way to do a custom variable assign to modify the ending of our mail attribute to always be the same thing? The problem we have is we allow multiple domains as our default email for users but when trying to authenticate to a hosted site using email address it won't match for some users. I got help a while ago on here and was told how to convert a specific email domain to another but now I need to convert at least 10 different emails to a single domain. Here is how I was able to convert one email domain to another but not sure how to adapt that to many. string map {@test.org @example.org} [string tolower [mcget {session.ad.last.attr.mail}]] Now I need to convert around 10 different domains to @example.org. Note all of them are different names so just made up a few examples @john.org @smith.org @joey.org
custom clock format variable in message box
I would like to display the av db time variable in a message box in human readable format. I was trying to create a custom variable that would format it to human readable but it doesn't seem to work. I have found other examples but it looks like those used irules to set custom variables using the clock format command. Can irule custom variables be displayed in message box output? Or is there a way to format it using variable assign? variable assign example: epoch.db.time = [clock format [mcget {session.check_software.last.av.item_1.db_time}]] irule event example: when ACCESS_POLICY_AGENT_EVENT { if { [ACCESS::policy agent_id] eq "Epoch_to_Standard" } { log local0. "Entered Epoch_translation" set epoch.time [ACCESS::session data get session.check_software.last.av.item_1.db_time] log local0. "epoch time $epoch.time" set clockFormat "[clock format $epoch.time]" log local0. "formatted $clockFormat" } } ^^ can I put the $clockFormat variable in a message box after the irule event?Multi-Domain SSO Profile and Citrix iApp
We are working on getting SSO into Citrix (Storefront 3.0, XenApp 7.6) working using a multi-domain access profile (already created and performing SSO into other apps using NTLM, Kerberos, and SAML). When we have tried to add Citrix to the multi-domain AP, we end up hitting a wall. It seems that in the default Access Profile that the iApp creates, it sets the session.sso.token.last.username to "domain\[mcget {session.logon.last.username}]". That variable is then used by the form sso configuration object for authentication. But if I set this variable as described above in the multi-domain access profile, authentication breaks for other apps. Is there a way to set a different or custom variable and then leverage that variable for the form instead of the session.sso.token.last.username variable? If so, how would I set that variable? Any help is greatly appreciated. Thank you.SAML SSO send specific AD Group in Assertion
We are using F5 APM as IdP and are trying to send AD Groups in our SAML assertion to the SP using the attribute session.ldap.last.attr.memberof. Some of our AD groups have special character, causing the assertion to fail as documented in https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15157.html. We don't need to send all the AD Groups to the SP, only the groups that would be related to the application we are logging into. We are trying to configure a custom variable in the APM to select specific groups. Is this possible? Could we configure a custom expression like { set memberof [mcget {session.ldap.last.attr.memberof}] contains "appname" }?