Forum Discussion
5 Replies
- iaineNacreous
Hi
Have you tried adding an expression to the Resource Assign object? So something like
- sricharan61Cirrus
Hi Iaine
I tried setting up the configuration like this.
expr {[mcget {session.oauth.client.last.id_token.groups}] == "xxxxxxx-xxxx-xxxx-x-xx"}
Static ACLs: /Common/test
Add/Delete
also
expr {[mcget {session.oauth.client./Common/AzureADB2BOauthprov.id_token.groups}] == "xxxxxx-xxxx-xxxx-xxx-xxxxxx"}
Static ACLs: /Common/test
Add/Delete
as I saw both these entries in the access logs for the groups information in different session variable names.
But I do not see the resource assign parameter logs invoking a match for these expressions to send to the ACL in the access logs.
- iaineNacreous
Dumb question I know, but is the resource assigning happening after the oauth call?
Have you tried outputting the variables to a message box just prior to the ACL assignment to ensure that the variables are present and correct? https://support.f5.com/csp/article/K11123
- sricharan61Cirrus
Hi Iaine
Looks like it's working, it's just that the logs are not showing the exact match happening by the condition we are setting. It simply shows what ACL was assigned. I set up a logging message after the OAuth client to be able to see that user group match logged in the session logs.
- Richard_TocciEmployee
Turning on debug logging in the APM logging profile would have shown this activity.
General rule of thumb - if you don't see it in the logs, turn on debug and you will.