Manual Chapter :
Session variables for more granular access
control in step-up authentication
Applies To:
Show VersionsBIG-IP APM
- 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 15.1.10, 15.1.9
Session variables for more granular access
control in step-up authentication
Session variables might not change throughout a session. However, in conjunction with other
data, they can be used to create distinctive subsessions that control which resources a user can
reach. A Variable Assign agent or an iRule agent could put a string into the
perflow.custom
or perflow.scratchpad
variable like this
example:Senior_Executive_After_Hours_04_06_2017
An administrator can derive the example string from a session variable and date-time
information.
- Senior_Executive - Added to the string based on a group name in thesession.ldap.last.attr.memberOfsession variable.
- After_Hours - Appended to the string if the current time is after 5 PM today and before 7 AM tomorrow; otherwise, Office_Hours could be appended to the string.
- 04_06_2017 - The most recent 24-hour period that started at 7 AM is appended to the string.
The F5 DevCentral online community is the source for information about
iRules.
BIG-IP Access Policy Manager: Visual Policy Editor
on
the AskF5 web site located at support.f5.com
provides information about session variables, perflow variables, and
Tcl usage, all of which can be helpful when working with Variable Assign.