Grega Zoubek

Do you have LDAP auth policy (no authentication) after Okta-SAML? You can use UPN, but also change default LDAP action to use UPN for as SSO parameter. If this does not work, you can insert custom loginschema to insert UPN as username

Use case - After LDAP auth, user receives PUSH from DUO on his device Specific attributes we need to send: More you can find here: https://duo.com/docs/oauthapi F5 logic (if helps) - https://community.f5.com/t5/technical-articles/apm-configuration-to-support-duo-mfa-using-irule/ta-p/283971. We are trying to reverse engineer iRule, but this one is not so trivial...Most of configuration we can copy to OAUTH Action, but we get stuck at token attribute inclusion. Default jwt attributes are not enough, so we need to add some extra ones. Thank you very much!

Hello Hemang, this field says "Attributes to be extracted". And you can only insert name of attribute. But we need to INSERT attribute with values. Similar to OAUTH iDP mask that actually has this option (where you add name=value@@@name2=Value2). We are missing this part Grega

Hello gurus... we are trying to integrate Netscaler with DUO over OAUTH for "behind the scene" second factor authentication. LDAP as first factor and then we plan to do OAUTH call to DUO that will send push notification. What we struggle with sending addtional attributes that DUO requires. In OAUTH Action on Netscaler Attribute field seem to be only for atribute extraction FROM JWT, not to add them. Is there any viable solution where we could insert addtional attributes that DUO requires into JWT? F5 has very detailed how-tp procedure with iRules - and it works flawlessly. Thank you very much for any insigts Grega P.S. SAML cannot be used as we do not want users to be redirected to DUO page

Hello Manjunath, your magic works, but please note that there is a question mark following < and just before >. Once you put in those ? there, fun part begins :). I cannot put in question mark in CLI (?!) and when I do that GUI, whole syntax dissapears

Hi gurus.... I want to do what seems to be pretty straight forward task - replace server response (body). Trick is that it is in XML format. If I use GUI and paste following syntax: "<?xml version="1.0" encoding="utf-8"?>", GUI will take it but once I return to rewrite action, I only see "" :). Log shows following action set rewrite action VPN_Store_Force_rw_act -target "http.RES.BODY(100000)" -stringBuilderExpr """"" Looks like all between <> is deleted. Tried escaping characters in GUI with , but result is the same. Tried also CLI ,but that would result in similar error as well. Is there any other way to use GT / LT symbols or to insert XML message in the response body? Thank you, Grega