ltm rule event ACCESS POLICY AGENT EVENTΒΆ

iRule(1)					  BIG-IP TMSH Manual					     iRule(1)

ACCESS_POLICY_AGENT_EVENT
       This event provides glue between iRule execution and access policy execution.

DESCRIPTION
       This event provides glue between iRule execution and access policy execution. Admin can insert an iRule event
       agent in its access policy at some point in the access policy. During the access policy execution, iRule event
       agent is executed and ACCESS_POLICY_AGENT_EVENT is raised in iRules inside TMM. Admin can get the current
       agent ID (using an iRule command ACCESS::policy agent_id ) to know which of the iRule agent (in case there are
       multiple of them) raised the event and do some custom logic execution. This event allows admin to execute an
       iRule logic (inside TMM) at a desired point in the access policy execution. For example, if admin wants to do
       concurrent session checks for a particular AD group, admin can insert this agent after AD query, and once
       user's group has been retrieved from AD query, admin can check to see how many concurrent sessions exist for
       that user group in an iRule inside TMM.

Examples
	when ACCESS_POLICY_AGENT_EVENT {
	    if { [ACCESS::policy agent_id] eq "lastLogon" } {
		# our limit in seconds
		set 2weeks 1209600
		# diff in 100 nanosecond increments between MS time attribute (year 1601) and start of epoch
		set offset 11644473600000
		set adtime "[ACCESS::session data get session.ad.last.attr.lastLogon]"
		# convert adtime to milliseconds
		set millisecs [expr {$adtime / 10000}]
		# subtract offset
		set lastlogintime [expr {$millisecs - $offset}]
		# convert to seconds because milliseconds for 'now' were negative (maybe vmware issue)
		set secs [expr {$lastlogintime / 1000}]
		set now [clock seconds]
		# finally calculate the difference
		set diff [expr {$now - $secs}]
		log local0. "lastLogon: $diff seconds from current time"
		if { $diff > $2weeks } {
			    ACCESS::session data set session.custom.lastLogonWithin2Weeks 0
		} else {
			    ACCESS::session data set session.custom.lastLogonWithin2Weeks 1
		}
	    }
	}

HINTS
SEE ALSO
CHANGE LOG
       @BIGIP-10.1.0 --First introduced the event.  --Requires APM module

BIG-IP						      2020-06-23					     iRule(1)