Session variables for more granular access control in step-up authentication
Session variables might not change throughout a session. However, in conjunction with other data, they can be used to create distinctive subsessions that control which resources a user can reach. A Variable Assign agent or an iRule agent could put a string into the perflow.custom or perflow.scratchpad variable like this example:
Senior_Executive_After_Hours_04_06_2017
An administrator can derive the example string from a session variable and date-time information.
- Senior_Executive - Added to the string based on a group name in the session.ldap.last.attr.memberOf session variable.
- After_Hours - Appended to the string if the current time is after 5 PM today and before 7 AM tomorrow; otherwise, Office_Hours could be appended to the string.
- 04_06_2017 - The date on which the most recent 24-hour period starting at 7 AM began is appended to the string.
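The derivation above, written out as a Tcl procedure. This is an added example, not F5 code: the name subsession_label, the Standard_User fallback, and the sample group string (including its pipe-separated layout) are assumptions, and assigning the result to perflow.custom or perflow.scratchpad is left to the Variable Assign or iRule agent.

```tcl
# Added example, not F5 code. subsession_label is a hypothetical helper.
# memberof : value of session.ldap.last.attr.memberOf
# now      : epoch seconds (e.g. [clock seconds]); the local time zone is used
proc subsession_label {memberof now} {
    # Match the complete CN component (note the trailing comma) so that a
    # group such as CN=Senior_Executive_Assistants does not match.
    if {[string match -nocase "*CN=Senior_Executive,*" $memberof]} {
        set role "Senior_Executive"
    } else {
        # Hypothetical fallback: unknown users get the least-privileged label.
        set role "Standard_User"
    }

    # %H yields "08" or "09"; scan it as decimal so Tcl does not treat the
    # leading zero as an octal prefix.
    scan [clock format $now -format "%H"] %d hour

    # After 5 PM today and before 7 AM tomorrow counts as After_Hours.
    if {$hour >= 17 || $hour < 7} {
        set window "After_Hours"
    } else {
        set window "Office_Hours"
    }

    # Before 7 AM the current 24-hour period began yesterday. Stepping back
    # 12 hours lands on the previous calendar day even across a DST change.
    set anchor $now
    if {$hour < 7} {
        set anchor [expr {$now - 12 * 3600}]
    }
    set day [clock format $anchor -format "%m_%d_%Y"]

    return "${role}_${window}_${day}"
}

# Constructed sample value; the pipe-separated layout is an assumption.
set groups "| CN=Senior_Executive,OU=Groups,DC=example,DC=com | CN=Staff,OU=Groups,DC=example,DC=com |"

puts [subsession_label $groups [clock scan "04/06/2017 14:00:00"]]
puts [subsession_label $groups [clock scan "04/06/2017 18:30:00"]]
puts [subsession_label $groups [clock scan "04/07/2017 02:30:00"]]
```

The 02:30 call on April 7 still carries the 04_06_2017 date, because the 24-hour period it falls in began at 7 AM on April 6.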
The F5 DevCentral online community is the source for information about iRules. BIG-IP Access Policy Manager: Visual Policy Editor on the AskF5 web site located at support.f5.com provides information about session variables, perflow variables, and Tcl usage, all of which can be helpful when working with Variable Assign.