Manual Chapter : Session variables for more granular access control in step-up authentication
Applies To:Show Versions
- 16.0.1, 16.0.0
Session variables for more granular access
control in step-up authentication
Session variables might not change throughout a session. However, in conjunction with other data, they can be used to create distinctive subsessions that control which resources a user can reach. A Variable Assign agent or an iRule agent could put a string into the
perflow.scratchpadvariable like this example:
An administrator can derive the example string from a session variable and date-time information.
- Senior_Executive - Added to the string based on a group name in thesession.ldap.last.attr.memberOfsession variable.
- After_Hours - Appended to the string if the current time is after 5 PM today and before 7 AM tomorrow; otherwise, Office_Hours could be appended to the string.
- 04_06_2017 - The most recent 24-hour period that started at 7 AM is appended to the string.
The F5 DevCentral online community is the source for information about iRules.
BIG-IP Access Policy Manager: Visual Policy Editoron the AskF5 web site located at
support.f5.comprovides information about session variables, perflow variables, and Tcl usage, all of which can be helpful when working with Variable Assign.