Kyle_S
Aug 28, 2015

APM Dual Authentication - AD and localdb

I am trying to set up a logon page that would use the username, password, and a third field. The username will match in AD and the localdb, but the password for AD will differ from the localdb. The localdb password would simulate a static PIN. I am sure I need to use a mcget, but how do I tell the LocalDB Auth object to use the third field variable instead of the session.logon.last.password?

 

9 Replies

  • On the logon page you will have three variables (username, password, local_pass) and after you perform the AD auth (it will use session.logon.last.username and session.logon.last.password) you will then need to do a variable assign action to assign session.logon.last.local_pass to session.logon.last.password.

     

    The next step would be the LocalDB auth which will also use the session.logon.last.username and session.logon.last.password.

     

    Check out this DevCentral article and see if it helps.

     

    https://devcentral.f5.com/questions/f5-apm-mutiple-authentication-method

     

    Regards,

     

    Seth

     

  • Kyle_S

    Seth, that is exactly what I was looking for. I never used the Variable Session object before. I am just working through making it work off the LocalDB; it isn't authenticating correctly even though I made the pass 1234. I figured I couldn't misspell that.

     

    Thanks for the help

     

  • Hey Kyle,

     

    Can you share your session logs for the attempt? Can you send us a screenshot of the VPE? If you set up a different policy and just use logon page and localdb auth, can you make it work?

     

    Seth

     

  • Kyle_S

    Seth,

     

    I tested it with just the local DB and that worked. The VPE is basically a Logon page, AD Auth object, followed by the Session Variable, then the LocalDB. It appears in the APM session logs that the field3 from the Logon Page (4 digit pin) is not changing from the session.logon.last.token to session.logon.last.password. I get the session variable 'session.logon.page.errorcode' set to '1000'. I think the issue is in the Session Variable object. Funny that just yesterday, I had to use this but set the username and password from here. The username I had to use text and the password was a return {xxxxxx}.

     

    Thanks, Kyle

     

  • Hi Kyle,

     

    From your description it appears your variable assign is not working properly. Can you provide the variables used on the logon page, and the variables and expressions used in the variable assign?

     

    Seth

     

  • Kyle_S

    From the logon page

     

    I made line 3 text so that I could log it and see the value instead of the ******

     

    These are from the Session Variables object

     

     

    • Seth_Cooper
      What do the session logs show while processing through the policy? Can you show us the full VPE sequence?

      Seth
  • Kyle_S

    From the logs, it looks like I missed a space in the variable session.

     

    This was the incorrect one - mcget{session.logon.last.rsapin}

     

    This is the correct one - mcget {session.logon.last.rsapin}

     

    Seth, thank you for the help
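
Added example, not part of the thread and not F5 code: a plain-Tcl model of the flow discussed above (AD Auth, Variable Assign, LocalDB Auth) showing why the missing space breaks the assign. Tcl treats `mcget{...}` as one word, so it looks for a command with that whole name instead of calling `mcget` with an argument. The session array, the `mcget` proc, both credential stores and the helper procs are constructed stand-ins for what APM provides.

```tcl
# Constructed stand-ins: on a BIG-IP, APM supplies the session store, mcget and the auth agents.
array set session {
    session.logon.last.username kyle
    session.logon.last.password AD-Passw0rd
    session.logon.last.rsapin   1234
}
array set ad_users      {kyle AD-Passw0rd}   ;# constructed AD credential
array set localdb_users {kyle 1234}          ;# constructed LocalDB static PIN

# Stand-in for APM's mcget: return the value of one session variable.
proc mcget {name} {
    global session
    return $session($name)
}

# Both auth steps read the same two session variables, as described in the thread.
proc auth {storeName} {
    global session
    upvar #0 $storeName store
    set user $session(session.logon.last.username)
    expr {[info exists store($user)] && $store($user) eq $session(session.logon.last.password)}
}

# Variable Assign: evaluate the custom expression as Tcl and store the result.
proc variable_assign {target expression} {
    global session
    if {[catch {uplevel #0 $expression} result]} {
        return "assign failed: $result"
    }
    set session($target) $result
    return "assign ok"
}

# Run the three steps in policy order and report each outcome (1 = pass, 0 = fail).
proc run_policy {expression} {
    global session
    set saved [array get session]
    set out [list "AD auth: [auth ad_users]"]
    lappend out [variable_assign session.logon.last.password $expression]
    lappend out "LocalDB auth: [auth localdb_users]"
    array set session $saved   ;# reset the session for the next run
    return [join $out "\n"]
}

puts "--- without the space ---"
puts [run_policy {mcget{session.logon.last.rsapin}}]
puts "--- with the space ---"
puts [run_policy {mcget {session.logon.last.rsapin}}]
```

In the first run the assign raises an "invalid command name" error, session.logon.last.password keeps the AD password, and the LocalDB step fails, which matches the behaviour reported in the thread.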