APM VPN policy with a hiddent domain addition

Question

Hello
Users normally login with username@domain, which matches their UPN and also matches RSA username.
Now that Office365 federation requires a UPN change, their UPN will be changed to a much longer domain name that they have to type every time they login.
Is it possible to modify RSA logon page step in the policy so that they just type their username and F5 will add a domain name when it is passed to RSA for authentication?
Like this:
1. User just types "username" and their PIN+Tokencode
2. F5 APM policy transforms the "username" to "username@somelongdomainname" and passes the new username and pin+tokencode to RSA&nbsp;
What is the best way to do it? Environment is complex and we cannot just change RSA usernames to a short name (we tried)&nbsp;

stanislas_piro2 · Answer

you can use following variable assign
session.logon.last.username = 
expr { [set username [string tolower [mcget {session.logon.last.logonname}]]] contains "@" ? $username : "$username@domain.local" }

youssef1 · Answer

Hello,
Add a "Variable assign" and set it like that:
Custom Variable:
    session.logon.last.username
Custom expression:
    expr { "[mcget {session.logon.last.username}]@mydomain.com" }

Regards,

Forum Discussion

APM VPN policy with a hiddent domain addition

2 Replies

Recent Discussions

BigIP Next - Health Monitors / Template

LDAPS and renegotiation

Need advise to setup a policy on F5

Web acceleration

What are the different phases in DevOps?

Related Content

Auditing Security Policy Updates

Minimizing Security Complexity: Managing Distributed WAF Policies

LTM Policy

Access policy, LTM policy and iRules

iControl REST Cookbook - LTM policy (ltm policy)