Last Modified: May 29, 2024
Affected Product(s):
BIG-IP APM
Known Affected Versions:
16.0.1.1, 16.0.1.2
Opened: Jun 17, 2021 Severity: 3-Major
When using the "OTP Verify" agent with Per Request Policies, the OTP Source and Max Logon Attempts session variables cannot be configured using the UI.
If the logon page where users enter their OTP is configured to capture this token in a session variable named anything other than "password", OTP Verify will fail.
Using the "OTP Verify" agent with a Per Request Policy
Manually edit bigip.conf from:

    apm policy agent otp-verify /Common/otpsub_act_otp_verify_subsession_ag { }

to this new config:

    apm policy agent otp-verify /Common/otpsub_act_otp_verify_subsession_ag {
        otp-source "%{subsession.logon.last.otp}"
    }

where the otp-source variable name matches what was set on the logon page.
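To find every agent that still needs the edit above, the following added example (not F5 code) lists each otp-verify stanza in a copy of bigip.conf with its otp-source, or None when it is unset, so the value can be compared with the logon page's variable name. The sample config, the names /Common/example_fixed_ag and /Common/example_logon_ag, and the function names are constructed for illustration, and the parser assumes the stanza layout shown in the workaround.

```python
import re

# Constructed sample in the shape of the two stanzas shown in the workaround.
SAMPLE_CONF = '''\
apm policy agent otp-verify /Common/otpsub_act_otp_verify_subsession_ag { }
apm policy agent otp-verify /Common/example_fixed_ag {
    otp-source "%{subsession.logon.last.otp}"
}
apm policy agent logon-page /Common/example_logon_ag { }
'''

HEADER = re.compile(r'^apm policy agent otp-verify (\S+) \{', re.MULTILINE)
OTP_SOURCE = re.compile(r'otp-source\s+"([^"]*)"')


def stanza_body(text, open_idx):
    """Return the text between the brace at open_idx and its matching close.

    Braces inside double quotes (as in "%{...}") are not counted.
    """
    depth = 0
    in_quote = False
    for i in range(open_idx, len(text)):
        ch = text[i]
        if ch == '"' and text[i - 1] != '\\':
            in_quote = not in_quote
        elif not in_quote:
            if ch == '{':
                depth += 1
            elif ch == '}':
                depth -= 1
                if depth == 0:
                    return text[open_idx + 1:i]
    raise ValueError("unbalanced braces in stanza")


def audit_otp_verify(text):
    """Map each otp-verify agent name to its otp-source, or None when unset."""
    result = {}
    for m in HEADER.finditer(text):
        body = stanza_body(text, m.end() - 1)  # m.end() - 1 is the opening brace
        src = OTP_SOURCE.search(body)
        result[m.group(1)] = src.group(1) if src else None
    return result


if __name__ == "__main__":
    for name, src in audit_otp_verify(SAMPLE_CONF).items():
        print(f"{name}: {src or 'otp-source not set'}")
```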
None