Forum Discussion
As jstaf discovered, the password collected in the APM logon form is not directly accessible via iRules. I can't say if this is intentional, but probably not a bad idea nonetheless. You can still get to the password by creating a custom session variable in a VPE variable assignment agent:
session.custom.pass = return [mcget -secure {session.logon.last.password}]
Generally though, the AAA objects and SSO profiles do have access to the password variable, so you could do something like the following:
Present three fields in the logon form (username, password, and token ID). When you're doing AAA, most of the agents expect the password in the session.logon.last.password variable, so simply 1) assign the user password to a temporary variable, 2) assign the token ID to the session.logon.last.password variable just before the SecurID AAA, and then 3) put the user password back into that variable for an AD/LDAP AAA or form/ntlm SSO.