Applies To:

Show Versions Show Versions

Archived Manual Chapter: Advanced Topics in Access Policies
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

This article has been archived, and is no longer maintained.

10 
In most applications, a logon page is used to present user name and password prompts to a user, to collect the credentials the user enters, and to forward those credentials on to an authentication method. In BIG-IP® Secure Access Manager, you use the visual policy editor to assign a logon page in an access policy. This section describes the logon action, and how to customize the page presented by the logon action.
Using the visual policy editor and the Configuration utility, you can specify multiple languages for your logon page, and customize messages for each language separately. To configure the languages that are available, see Customizing access profile languages.
The logon page header can include a company logo, a banner image, and a background color. In Figure 10.1, the header left image is the left-top-aligned image that says F5 NETWORKS. The header right image is the right-top-aligned image that includes a curve, an image of a computer, and the words NEXT GENERATION REMOTE ACCESS.
The logon page includes the form into which a user types logon credentials. This form contains the form header text message Remote Access Logon for F5 Networks, the user prompt User, the password prompt Password, and the logon button, labeled Logon.
The logon page footer includes a string of text. This footer can contain your custom text, with HTML tags. The default English footer is
This product is licensed from F5 Networks. Copyright 1999-2008 F5 Networks. <br> All rights reserved.
In addition to the logon page components displayed in Figure 10.1, you can customize logout components. Logout components are messages that are displayed when a user cannot log on because of an access policy error, or when the user logs off successfully. These messages can be customized with logout customization. Options for customizing logout messages include text for several purposes:
 
Success Title
Specifies the text displayed when a session is finished.
Success Message
Specifies the text displayed when the user logs out successfully.
Thank you Message
Specifies a thank you message displayed for network access users after logout.
Error Title
Specifies text that indicates that the session could not start.
Error Message
Provides a more specific error message that follows the error title, which indicates that a problem may have occurred during access policy evaluation.
New Session Text
Specifies text that precedes the link a user clicks to start a new session.
New Session Link
Specifies the text label for the hypertext link to start a new session, such as click here. This link follows the New Session Text.
Session ID Title
Specifies the text that precedes the session number when an error occurs.
The Secure Access Manager also provides users with descriptive error messages, that are displayed when specific errors occur during a network access session, or when attempting to establish a network access session. These error messages are customized in the Configuration utility. Error messages include:
 
Bad Request
Specifies the error message displayed when there is a malformed request or there is another problem with a request.
 
Bad Network Resource Config
Specifies the error message displayed when the access profile cannot find a valid network access resource.
 
Invalid Client IP
Specifies the error message that is displayed if the client IP address changes while the session is in progress.
Unsupported User Agent
Specifies the error message displayed when the browser user agent is not supported in the access policy.
User Limit Exceeded
Specifies the error message displayed when the resource cannot be assigned because the limit on the number of sessions has been reached.
Terminated Session
The error displayed when the session is terminated by the server.
System Under Maintenance
Specifies the error message displayed when a session cannot start because the server is performing maintenance.
ActiveX disabled
Specifies the error message displayed when the access policy attempts to load an ActiveX control in Microsoft Internet Explorer, and ActiveX is not enabled.
Installation failed
Specifies the error message displayed when installation of a browser component fails.
The logon page customization elements include the information that appears between the header and the footer. You customize this information using the Logon Page action in the access policy configuration. The default English logon page configuration appears in Figure 10.2.
You can customize logon pages to present your own graphics and text to users, for multiple languages, using the Configuration utility. You customize the logon page header and footer on the Access Profile page, on the Customization tab. You customize the Logon Page with the logon page action in the visual policy editor for the access policy.
1.
On the Main tab of the navigation pane, expand Access Control, then click the name of an access profile.
The Access Profiles screen opens.
2.
Click the Customization tab.
The Customization screen opens.
3.
Under Customization Lookup, from the Customization Type list, select header.
4.
From the Language list, select the language for which you want to customize the header.
5.
Click the Find Customization button.
The screen refreshes to show the header customization information.
6.
To add a right header image, in the Header Right - Image box, type the path, or click Browse and select the file.
The image is automatically aligned at the top and right of the header section. To view the image, click View/Hide.
7.
To add a left header image, in the Header Left - Image box, type the path, or click Browse and select the file.
The image is automatically aligned at the top and left of the header section. To view the image, click View/Hide.
8.
To specify a header background color for the header section, in the Header - Background Color box, type the hexadecimal color value.
You can find hexadecimal color values on the web. For example, you can find information about hexadecimal color values, and a number of example palettes, in the Wikipedia article: http://en.wikipedia.org/wiki/Web_colors.
9.
Click Update.
1.
On the Main tab of the navigation pane, expand Access Control, then click the name of an access profile.
The Access Profiles screen opens.
2.
Click the Customization tab.
The Customization screen opens.
3.
From the Customization Type list, select footer.
4.
From the Language list, select the language for which you want to customize the footer.
5.
Click the Find Customization button.
The screen refreshes to show the footer customization information.
6.
In the Form Footer Text box, type the footer text.
7.
Click Update.
1.
On the Main tab of the navigation pane, expand Access Control, then click the name of an access profile.
The Access Profiles screen opens.
2.
Click the Customization tab.
The Customization screen opens.
3.
From the Customization Type list, select logout.
4.
From the Language list, select the language for which you want to customize the logout page.
5.
Click the Find Customization button.
The screen refreshes to show the logout customization information.
7.
Click Update.
1.
On the Main tab of the navigation pane, expand Access Control, then click the name of an access profile.
The Access Profiles screen opens.
2.
Click the Customization tab.
The Customization screen opens.
3.
From the Customization Type list, select errormap.
4.
From the Language list, select the language for which you want to customize the error messages.
5.
Click the Find Customization button.
The screen refreshes to show the error message customization information.
7.
Click Update.
1.
On the Main tab of the navigation pane, expand Access Control, then click Access Profiles.
The Access Profiles screen opens.
2.
In the profile list, find the access policy you want to edit, then click Edit in the Access Policy column.
The visual policy editor opens in a new window or new tab, depending on your browser settings.
3.
5.
Select Logon Page and click Add Item.
The Logon Page configuration popup screen opens.
Form Header Text - Specifies the text that appears at the top of the login box.
Retry Message - Specifies the text that appears when the user enters incorrect credentials in either the user field, the password field, or both.
User Prompt - Specifies the text for the prompt that appears above the user name entry field.
Password Prompt - Specifies the text for the prompt that appears above the password entry field.
Save Password Checkbox - Specifies the text that appears adjacent to the check box that allows users to save their passwords in the logon form. This setting is used only in the standalone client, and not in the web client.
Logon Button - This is the text that appears on the logon button, which submits the user credentials to the access policy.
8.
Click Save when the settings are customized.
In this example, a logon page action is added to an access policy. The logon page action presents the logon information to a user who attempts to start a network access connection. In this example, the English language logon page is customized with several fields for the fictitious company Bogon Networks, Inc. In addition, the user name, password, and logon fields are customized, and the footer message is changed.
1.
On the Main tab of the navigation pane, expand Access Control, then click Access Profiles.
The Access Profiles screen opens.
2.
Click Create.
The New Access Profile screen opens.
3.
In the Name box, Type BogonNet1, then click Finished.
The Access Profile Properties screen opens.
4.
Click the Access Policy tab, then click Edit Access Policy for Profile "BogonNet1".
The visual policy editor opens in a new window or new tab, depending on your browser settings.
5.
Click the plus sign () to add an action.
The Add Item popup screen opens.
7.
Select Logon Page and click Add Item.
The Logon Page action popup screen opens.
8.
From the Language list, select en to customize the logon page for English.
9.
In the Form Header Text box, type Remote Access <br> for Bogon Networks, Inc.
10.
In the User Prompt box, type User ID:.
11.
In the Password Prompt box, type User Code:.
12.
In the Logon Button box, type LOGON.
The final configuration is shown in Figure 10.3, following.
13.
Click Save.
14.
Click Activate Access Policy.
Note: Typically you configure the header by adding your own custom logo and graphics. To simplify this example, the header box is left as the default with the F5 graphics and background color.
2.
From the Customization Type list, select footer.
3.
From the Language list, select en.
4.
Click Find Customization.
5.
In the Form Footer Text box, type For use by employees of Bogon Networks, Inc., and subsidiaries.<br>Copyright 2007 Bogon Networks, Inc.<br>All rights reserved.
6.
Click Update.
7.
Click Activate Access Policy.
In an access policy you can use multiple authentication methods by adding multiple authentication actions. With multiple authentication methods, you can add two-factor authentication to your access policy. You can also use multiple authentication methods to assign different resources or route users differently depending on the authentication method.
You can use two or more authentication methods in an access policy. The example shown in Figure 10.4 illustrates the use of a client certificate for authentication, followed by Microsoft® Active Directory® authentication. The Active Directory action uses the authentication information collected in the logon page action that precedes it. After the user is authenticated, the access policy assigns resources with the resource assign action, and the user sees the Webtop.
In this example, a user who logs on to the network must have both a valid client certificate, and an account on the Microsoft Active Directory® server. The following shows the sequence of events that occur in this example.
If the users certificate action passes successfully, the user sees a logon page. If the users certificate action does not pass successfully, the user is passed to the logon denied page.
This example provides a guide to the tasks involved in the configuration of this access policy. Note that this is not a step-by-step procedure, but a list of procedures, with references to the tasks that you must perform to complete the example.
1.
(Optional) Add the Client OS action.
See Setting up the client OS check. Configure the Client OS access policy item with one rule that specifies the Client OS is Windows Vista or Windows XP. Delete the other rules. You can optionally rename the Client OS access policy item.
5.
Add the resource assign action to the successful rule branch of the access policy.
The resource assign action must include a network access resource. See Assigning resource groups to users.
7.
Click Activate Access Policy to start the access policy.
You can use VLAN-based policy routing in a number of different scenarios to provide users access to different network segments or resources. For example, you might create a VLAN that connects unauthenticated users on a publicly available wireless segment only to the external web, while denying access to internal network resources. To create this configuration, you can use a VLAN selection action in the access policy on the fallback rule branch of an authentication action, to send failed logons to a VLAN segment that is off the internal network.
To configure VLAN-based policy routing, you must configure a VLAN Gateway that contains a VLAN and a next-hop IP address. See Using VLAN gateways, following, to configure a VLAN Gateway.
Note: You are not required to set up multiple VLANs to use VLAN-based policy routing. You can route a user to the same VLAN, with a different next-hop router address, to segment that user.
VLAN gateways provide a VLAN resource to access policies. To configure a VLAN gateway, you need to have more than one VLAN configured, and a next-hop IP address for the VLAN (usually the gateway for that VLAN).
VLAN gateways can then be accessed in access policies, to perform policy-based routing. Using the VLAN selection action, you can assign users to a VLAN based on conditions within the access policy. For example, certain failure conditions or logon results can send users to a different VLAN.
1.
On the Main tab of the navigation pane, expand Access Control, and click VLAN Gateways.
The VLAN Gateway List screen opens.
2.
Click Create.
The New VLAN Gateway screen opens.
3.
In the Name box, type the name for the VLAN gateway.
4.
From the VLAN list, select a VLAN to use.
You can create a VLAN to use with the VLAN gateway by clicking the plus sign ().
5.
In the Next Hop IP Address box, type the next-hop router address.
This is typically the IP address of the gateway for the VLAN.
6.
Click Finished to complete the configuration, or Repeat to define another VLAN gateway.
Once you have defined a VLAN gateway, you can route users to the VLAN gateway in the access policy, using the VLAN selection action.
1.
On the Main tab of the navigation pane, expand Access Control, then click Access Profiles.
The Access Profiles screen opens.
2.
In the profile list, find the access policy you want to edit, then click Edit in the Access Policy column.
The visual policy editor opens in a new window or new tab, depending on your browser settings.
3.
On a rule branch of the access policy, click the plus sign () to add an action.
The Add Item popup screen opens.
5.
Select VLAN Selection and click Add Item to add the action to the access policy.
The VLAN Selection action popup screen opens.
6.
From the VLAN Gateway list, select the VLAN gateway.
7.
Click Save to complete the configuration.
In this example, your company has switched from RADIUS authentication to Active Directory authentication, but has not yet completed the full transition. Because of the state of the authentication changeover, you would like your legacy RADIUS users to pass through to a different network on a separate router, instead of allowing full access to your network.
An access policy that contains a logon page, an Active Directory Authentication action, a RADIUS authentication action, two resource assign actions, and a VLAN selection action.
To configure this example, you must define a VLAN gateway and create an access policy that references that VLAN gateway. To keep the access policy generic enough for any implementation, the example does not specify names or addresses for the Active Directory server or the RADIUS server to use with the authentication action. The example also does not specify resource groups to use with the resource assign action. You can create the access policy without configuring these actions, and add your own servers and resource groups. An IP address on an internal network is specified for the VLAN gateway, because this is required to configure the VLAN gateway object; if you define your own VLAN gateway object, you must use an IP address from your own network configuration.
1.
On the Main tab of the navigation pane, expand Access Control, and click VLAN Gateways.
The VLAN Gateway List screen appears.
2.
Click the Create button.
The New VLAN Gateway screen opens.
3.
In the Name box, type LegacyRoute.
4.
From the VLAN list, select the VLAN to use with this VLAN gateway.
In this example, the VLAN used for the example is the same VLAN as is used for other traffic; only the next hop router is changed.
5.
In the Next Hop IP Address box, type 10.10.10.18.
Note that this is an example IP address from the private network; you can also specify your own internal IP address to configure the example to work on your system.
6.
Click Finished.
1.
On the Main tab of the navigation pane, expand Access Control, then click Access Profiles.
The Access Profiles screen opens.
2.
Click the Create button.
The New Profile screen opens.
3.
In the Name box, type a name for the access profile, for example, PolicyRouteTest.
4.
Click Finished.
The Access Policy screen appears.
1.
On the access policy screen, click the link, Edit Access Policy for Profile.
The visual policy editor opens in a new window or new tab, depending on your browser settings.
2.
On the fallback branch of the access policy, click the plus sign () to add an action.
The Add Item popup screen opens.
4.
Select the Logon Page action, and click Add Item.
The Logon Page action popup screen opens.
5.
Click Save to save and close the action.
6.
Click the plus sign () on the fallback branch after the logon page action.
The Add Item popup screen opens.
8.
Select AD, and click Add Item.
The Active Directory action popup screen opens.
9.
From the Server list, select an Active Directory server.
If you do not have an Active Directory server, you can leave the action unconfigured for the purposes of the example.
10.
Click Save to save the action.
11.
On the successful branch following the Active Directory action, click the plus sign () to add an action.
The Add Item popup screen opens.
13.
Select the Resource Assign action, and click Add Item.
The Resource Assign action popup screen opens.
14.
Click the Add new entry button.
15.
From the Resource Group list, select a resource group to assign to clients who successfully authenticate with Active Directory.
16.
Click Save to save the action.
17.
On the fallback branch following the Active Directory action, click the plus sign () to add an action.
The Add Item popup screen opens.
19.
Select the RADIUS action, and click Add Item.
The RADIUS action popup screen opens.
20.
From the AAA Server list, select a RADIUS server.
If you do not have a RADIUS server, you can leave the action unconfigured for the purposes of the example.
21.
Click Save to save the action.
22.
On the successful branch following the RADIUS action, click the plus sign () to add an action.
The Add Item popup screen opens.
24.
Select the VLAN Selection action, and click Add Item.
The VLAN Selection action popup screen opens.
25.
From the VLAN Gateway list, select LegacyRoute.
This assigns the VLAN gateway you defined earlier to clients who successfully authenticate to the RADIUS server.
26.
Click Save to save the action.
27.
On the successful branch following the VLAN selection action, click the plus sign () to add an action.
The Add Item popup screen opens.
29.
Select the Resource Assign action, and click Add Item.
The Resource Assign action popup screen opens.
30.
Select a network access resource to assign to clients who successfully authenticate with RADIUS.
Note that you can assign the same network access resource to both types of clients, and because of the different VLAN gateway specified in the VLAN selection action, the clients will still reach separate routers.
31.
Click Save to save the action.
32.
Click the endings following the two resource assign actions, and change them both to webtop endings, by selecting Webtop and clicking Save.
You can use advanced rules in an access policy to provide customized functionality to users. This functionality is useful when the default access policy rules and the rules created with the expression builder do not provide functionality you require.
When you write an expression in the Advanced tab of the rule popup screen, a non-zero return value typically causes the rule to be evaluated as true or successful, and the access policy follows the corresponding rule branch. The return value of 0 causes the rule to be evaluated as false, and the rule follows the corresponding branch, or a fallback branch.
You can use an advanced access policy rule to make flexible decisions after an access policy action completes. To do this, you add the advanced access policy rule on the Advanced tab in the Expression popup screen of an action.
In this scenario, if the value returned by the expression is not zero, the rule is evaluated as true, and the access policy runs and follows the corresponding rule branch. If the value returned by the expression is zero, the rule is evaluated as false, and the access policy follows the branch assigned to the negative response (typically a fallback branch).
You can use an advanced access policy rule to add flexibility when assigning resources to users. To do this, you add the advanced access policy rule on the Advanced tab in the Expression popup screen of the resource assign action.
In this scenario, if the value returned by the expression is not zero, the resource assignment rule is evaluated true, and the corresponding resource or ACL is assigned to the user. If the value returned by the expression is zero, the resource assignment rule is evaluated as false, and the resource or ACL is not assigned.
You can use an advanced access policy rule to add flexibility by creating a custom session variable, and then assigning the session variable in other advanced access policy rules. To do this, you use the custom variable and custom expression options in the variable assign action.
In this scenario, the value returned by the custom expression is assigned to the custom variable.
You can use an advanced access policy rule to override the properties of an assigned network access resource. To do this, you assign a configuration variable to a custom expression, in the variable assign action.
In this scenario, the value returned by the expression is used to overwrite the value of the selected property from the network access resource.
Advanced access policy rules are written in the Tcl programming language. An advance access policy rule is a Tcl program. You can use the various facilities provided by the Tcl language in advance access policy rules. For example, you can use loops (while, foreach, and so on), conditions (ifelse, switch, and more), functions (proc), and built-in Tcl commands (strings, split, for instance) as well as various Tcl operators.
In Secure Access Manager access policies, session variables are accessed from system memory during the evaluation of an access policy rule. Secure Access Manager stores all session variables generated in a session in its memory cache. The Tcl command that gets these variables is mcget, which is an abbreviation for "get the session variable from the memory cache."
In this example, the name of the session variable, session.ssl.cert.cn, is enclosed in braces { }. The brackets [ ] that enclose the entire command are the TCL notation for command evaluation.
You can use a Tcl expression or a complete Tcl program as an advanced access policy rule. The return value of the expression or program is used to evaluate the access policy rule. For example, the following access policy rule uses a TCL expression to check if the Organizational Unit (OU) field of a user certificate contains the text PD.
Note: The Tcl language specifies that the expression begin with the syntax expr. For a complete description of the various operators and syntax allowed in a Tcl expression, see http://www.tcl.tk/man/tcl8.0/TclCmd/expr.htm.
In Secure Access Manager, the Tcl code entered in an action is not validated for proper Tcl syntax. If there is a Tcl syntax error in a rule, this error is not caught at configuration time, but the rule fails at session establishment time. We recommend that you test rules with an independent Tcl shell before they are configured in the access policy to avoid this.
The semicolon separator (;) is required between two consecutive Tcl statements. This is not the same as using the default newline (\n) as a separator.
Note: The name space for Secure Access Manager is shared across all rules. If you define a Tcl variable in one rule, it is accessible in another rule also. We recommend that you use a unique prefix for local variables in each rule, to avoid polluting variables from different rules.
1.
On the Main tab of the navigation pane, expand Access Control, then click Access Profiles.
The Access Profiles screen opens.
2.
In the profile list, find the access policy you want to edit, then click Edit in the Access Policy column.
The visual policy editor opens in a new window or new tab, depending on your browser settings.
3.
Add or edit an action.
The action popup screen opens.
5.
Next to the Expression, click change.
The rule editor popup screen opens.
7.
In the Advanced box, type the expression.
9.
Click Save.
In this scenario, if the value returned by the expression is not zero, the rule is evaluated as true, and the access policy continues and follows the corresponding rule branch. If the value returned by the expression is zero, the rule is evaluated as false, and the access policy follows the branch assigned to the negative response (typically a fallback branch).
1.
On the Main tab of the navigation pane, expand Access Control, then click Access Profiles.
The Access Profiles screen opens.
2.
In the profile list, find the access policy you want to edit, then click Edit in the Access Policy column.
The visual policy editor opens in a new window or new tab, depending on your browser settings.
3.
Add or edit a resource assign action.
The resource assign popup screen opens.
4.
Click the Add New Entry button.
5.
In the Expression column, click change.
The rule editor popup screen opens.
7.
In the Advanced box, type the expression.
9.
Click Save.
In this scenario, the expression returns a value. If the return value is not zero, the resource assignment rule is true, and the access policy assigns the corresponding resource or ACL to the user. If the return value is zero, the resource assignment rule is evaluated as false, and the access policy does not assign the resource or ACL.
1.
On the Main tab of the navigation pane, expand Access Control, then click Access Profiles.
The Access Profiles screen opens.
2.
In the profile list, find the access policy you want to edit, then click Edit in the Access Policy column.
The visual policy editor opens in a new window or new tab, depending on your browser settings.
3.
Add or edit a variable assign action.
The variable assign action popup screen opens.
5.
Next to the Expression, click change.
The rule editor popup screen opens.
6.
Under Assignment, click change.
The Variable Assign popup screen opens.
7.
In the Custom Variable box, type the new custom variable.
8.
In the Custom Expression box, type the expression.
10.
Click Save.
In this scenario, the custom expression returns a value that the variable assign action then assigns to the custom variable.
1.
On the Main tab of the navigation pane, expand Access Control, then click Access Profiles.
The Access Profiles screen opens.
2.
In the profile list, find the access policy you want to edit, then click Edit in the Access Policy column.
The visual policy editor opens in a new window or new tab, depending on your browser settings.
3.
Add or edit a variable assign action.
The variable assign action popup screen opens.
5.
Next to the Expression, click change.
The rule editor popup screen opens.
6.
Under Assignment, click change.
The Variable Assign popup screen opens.
7.
On the left side, select Configuration Variable.
8.
From the Name list, select the name of the network access resource in which you want to overwrite the variable.
9.
From the Property list, select the network access resource property you want to overwrite with a custom expression.
10.
In the Custom Expression box, type the expression.
12.
Click Save.
In this scenario, the expression returns a value that overwrites the value of the selected property from the network access resource.
By default, the access policy evaluates the antivirus check successfully if any of the detected antivirus packages are present and active on the client system. In this advanced rule example, you change the antivirus check behavior so the access policy evaluates the antivirus check successfully only if all detected antivirus packages are active.
1.
On the Main tab of the navigation pane, expand Access Control, then click Access Profiles.
The Access Profiles screen opens.
2.
In the profile list, find the access policy you want to edit, then click Edit in the Access Policy column.
The visual policy editor opens in a new window or new tab, depending on your browser settings.
3.
To add the antivirus action, click the plus sign () on an access policy branch.
The Add Item popup screen opens.
5.
Select Antivirus Check and click Add Item.
The Antivirus action popup screen opens.
7.
Next to the Expression, click change.
The rule editor popup screen opens.
9.
In the Advanced box, type this complete expression:
set i 1;
set count [mcget {session.windows_check_av.last.count} ];
set minage [expr 7 * 24 * 3600];
while { $i <= $count } {
if { [mcget "session.windows_check_av.last.item_$i.state" ] == 0 ||
[mcget "session.windows_check_av.last.item_$i.db_time" ]
< [expr { [mcget "session.user.starttime"] - $minage } ] } {
return 0;
};
set i [expr {$i + 1}];
};

return 1;
11.
Click Save.
In this example, the access policy parses the CommonName (CN) field from the clients SSL certificate, and the access policy uses part of that CN as the logon name. The result of this example, if the name field for the certificate includes CN=Smith, OU=SBU,O=CompanyName,L=SanJose, ST=CA,C=US, is that the data Smith is extracted from the name field, and the access policy passes this on as the logon name. Successive actions on this branch of the access policy can then use this logon name.
You can use the variable assignment agent to assign the value from the certificates CN field to the value for the session variable session.logon.last.username, using the variable assignment agent.
You assign the result of this example code to a custom variable called session.logon.last.username using the variable assign action.
1.
On the Main tab of the navigation pane, expand Access Control, then click Access Profiles.
The Access Profiles screen opens.
2.
In the profile list, find the access policy you want to edit, then click Edit in the Access Policy column.
The visual policy editor opens in a new window or new tab, depending on your browser settings.
3.
To add the variable assign action, click the plus sign () on an access policy branch.
The Add Item popup screen opens.
5.
Select Variable Assign and click Add Item.
The Variable Assign action popup screen opens.
6.
Click the Add New Entry button.
7.
Under Assignment, next to empty, click change.
The variable assignment editor popup screen opens.
8.
In the Custom Variable box, type session.logon.last.username.
9.
In the Custom Expression box, type the complete expression:

foreach field $cn_fields {
set name [string range $field [expr { [string first "=" $field ] + 1} ] end ];
11.
Click Save.
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)