Can the access policy variable session.logon.last.password be passed to a per-request policy subroutine?
Can the access policy variable session.logon.last.password be passed to a per-request policy subroutine? Version 13.1.0 I am attempting to pass the username and password from the Access Policy to the Per-Request-Policy subroutine for use after URL branching, without adding another logon prompt. Similar to this thread but without the OTP logon prompt. https://devcentral.f5.com/questions/is-accessing-session-variables-from-per-request-subroutine-possible-58789 The mentioned thread solution works. It creates a logon prompt for the OTP as the password. This is still a prompt for a user to enter a "password" although it is an OTP. I can successfully pass the user name but not the originating session.logon.last.password from the access-policy. After the user logs on the site, I want to enable Radius MFA Push for specific URL paths. The user is already logged on the access policy. I don't feel they need another logon prompt during the per-request policy. I have tried many methods without success (per-request policy; subroutine, subroutine macro, access policy; decrypt password). Either I haven't found the right combination or it doesn't work this way. Am I missing something? mcget -secure {session.logon.last.password} https://devcentral.f5.com/questions/how-can-i-see-a-password-session-variable-47462 mcget {session.logon.last.password} subsession.logon.last.password I am also trying other avenues such as using iRule LX to submit the request to the MFA API. I was just hoping radius would be an easier route.
Per-Request subroutine loop setup?
Hello All, I am trying to figure out how to configure a RADIUS authentication subroutine in a per request policy so the user can have more then one attempt to enter a one time password. The default gives them just one attempt then they need to close the session and start over. I am running 13.1.0.7 and understand that the setting I need is under the "Subroutine Settings / Rename" button. The issue is when I try to modify this subroutine settings I keep getting this error message. I have attempted selecting a bunch of different things for the Gating Criteria but nothing works it always has same error message. Thanks for your help! I have also tried to use AD Auth as a test and I get a similar error saying that can't be found as well. Here is my Per-Request policy in case it might help figure out why I am getting this error.
