Forum Discussion
Michael_Jenkins
Nov 17, 2015Cirrostratus
You would do something like this, just adding other criteria to the switch statement.
when ACCESS_POLICY_AGENT_EVENT {
check for policy agent_id
if { [ACCESS::policy agent_id] eq "set_timeout_values" } {
switch -glob [ACCESS::session data get "session.ad.last.attr.memberof"] {
"*CN=Standard_SSL_Users*" {
ACCESS::session data set session.inactivity_timeout 150
ACCESS::session data set session.max_session_timeout 200
log local0.notice "Inactivity and Max timeout set (1)"
}
"*CN=SSL_Users_2*" {
ACCESS::session data set session.inactivity_timeout 200
ACCESS::session data set session.max_session_timeout 300
log local0.notice "Inactivity and Max timeout set (2)"
}
"*CN=SSL_Users_3*" {
ACCESS::session data set session.inactivity_timeout 300
ACCESS::session data set session.max_session_timeout 400
log local0.notice "Inactivity and Max timeout set (3)"
}
}
}
}