ltm rule command ACCESS user
iRule(1) BIG-IP TMSH Manual iRule(1)
ACCESS::user
Returns user ID information.
SYNOPSIS
ACCESS::user getkey SID_HASH
ACCESS::user getsid KEY
ACCESS::user ACCESS_USER_COMMAND (ACCESS_USER_INFO)?
DESCRIPTION
The ACCESS::user commands return user ID information.
ACCESS::user getsid
* Returns the list of created external SIDs which is associated wit
the specified key
ACCESS::user getkey
* Returns the original SID for specified hash of SID
* This command works for clientless mode only
* Requires APM module
RETURN VALUE
VALID DURING
EXAMPLES
when HTTP_REQUEST {
set http_path [string tolower [HTTP::path]]
if { $http_path == "/protected-uri" } {
}
else return
set apm_username [ string tolower [HTTP::username] ]
set apm_password [HTTP::password]
set user_key {}
append user_key $apm_username "." $user_hash
unset user_hash
set f_insert_clientless_mode 0
# Get a list of internal session ids which are associated with user_key
# which in this case is user credential.
set apm_cookie_list [ ACCESS::user getsid $user_key ]
if { [ llength $apm_cookie_list ] != 0 } {
# Use the first entry in the list, and convert the internal session id
# into external session id.
set apm_cookie [ ACCESS::user getkey [ lindex $apm_cookie_list 0 ] ]
if { $apm_cookie != "" } {
# And insert it as cookie to be passed into APM.
HTTP::cookie insert name MRHSession value $apm_cookie
} else {
set f_insert_clientless_mode 1
}
} else {
set f_insert_clientless_mode 1
}
# Execute access policy in clientless mode.
if { $f_insert_clientless_mode == 1 } {
HTTP::header insert "clientless-mode" 1
HTTP::header insert "username" $apm_username
HTTP::header insert "password" $apm_password
}
unset f_insert_clientless_mode
}
when ACCESS_SESSION_STARTED {
# Associate the user_key with the session by assigning the value.
if { [ info exists user_key ] } {
ACCESS::session data set "session.user.uuid" $user_key
}
}
HINTS
SEE ALSO
CHANGE LOG
@BIGIP-11.0.0 --First introduced the command.
BIG-IP 2022-04-12 iRule(1)