Manual : Adding a Variable Assign agent to collect the username in an OAuth MFA subroutine

Applies To:

  • BIG-IP APM

    21.0.0, 17.5.1, 17.5.0, 17.1.3, 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.6, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 15.1.10, 15.1.9

back-action Seamless OAuth with Okta and RADIUS MFA

Adding a Variable Assign agent to collect the username in an OAuth MFA subroutine

You should have a per-request policy, and SAML authentication servers for authentication with and without MFA.

Create the subroutines to allow continuous checks and reauthenticate with RADIUS and MFA when the user goes to a specific URL.

  1. From the Main tab, click Access > Profiles / Policies > Per-Request Policies.

  2. Find the policy you want to edit, and in the Per-Request Policy column, click Edit.

  3. In the per-request policy, click Add New Subroutine.

  4. Name the subroutine for use with OAuth and MFA. For example, radius_mfa_okta.

  5. Click Save.

  6. Expand the subroutine, and click the plus to add a new item.

  7. Click the Assignment tab, select Variable Assign, and click Add Item.

  8. Click Add new entry.

  9. On the left, select Custom Variable and type subsession.logon.last.username.

  10. On the right, select Session Variable and type last.subsession.logon.last.logonname.

  11. Click Finished.

Configure the remaining items for the subroutine.