Choose which Active Directory to log in to using an APM policy

Problem this snippet solves:

How to log in to F5 using APM policies while choosing, from the login page, which Active Directory to log in to.

How to use this snippet:

After creating the virtual servers and everything else needed to access a web application that requires login, you can use APM to configure user authentication and give the user a choice of which Active Directory to use. This is helpful when a single login page serves both internal and external users and those two types of users reside in two different Active Directories.

Here is the policy

I am using the APM internal login page in this scenario.

Next, add a drop-down list to the login page.

After that, add an Empty action. This is where you configure your branches based on the selection made from the drop-down list on the login page.

The user can now choose and log in to the appropriate Active Directory.

Code :

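# Branch rule expressions for the Empty action item.
# Each expr goes into its own branch rule; session.logon.last.domain
# holds the value selected in the drop-down list on the login page.

# Active Directory 1, use branch 1
expr { [mcget {session.logon.last.domain}] == 1 }

# Active Directory 2, use branch 2
expr { [mcget {session.logon.last.domain}] == 2 }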
Published Dec 07, 2016
Version 1.0


1 Comment

  • Hi,

    When you configure a filter between the logon page and the Authentication box (whatever authentication method is used), max authentication attempts must be set to 1.

    If max authentication attempts is more than 1, the following attempts will follow the same path as the first attempt even if the condition is changed.

    If you want to support more than 1 attempt, you must include the logon tree in a macro with a macro loop.

    Another point is that you can add branches in the logon page box instead of a dedicated box.